Can the ASA log when Cisco client VPNs log on/log off?

Apr 14th, 2008

Hi, I'm moving my IPSec VPNs from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that log on and log off; how can I do this on the ASA?


I have all traffic from my ASA logged via syslog, then I filter in my syslog server what I want to see:-


logging enable
logging buffer-size 14096
logging buffered debugging
logging trap debugging
logging facility ## (used by my syslog server to filter)
logging host <> <>


My syslog sees:-


%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.

%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.


HTH
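
An added example, not part of the thread or any poster's configuration: one way to turn the 602304 messages quoted above into a single logon and logoff record per user on the syslog server. It assumes a "Mon DD HH:MM:SS host" syslog prefix, that every session brings up more than one SA (inbound and outbound), and that a rekey creates the replacement SAs before the old ones are deleted; the sample lines, users and addresses are constructed.

```python
import re
from collections import Counter

# Message text as quoted in the post; the "Mon DD HH:MM:SS host" prefix is assumed.
SA_EVENT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*%ASA-6-602304: IPSEC: An (?:inbound|outbound) "
    r"remote access SA between \S+ and (?P<peer>\S+) "
    r"\(user=\s*(?P<user>[^)]*?)\s*\) has been (?P<action>created|deleted)\."
)

# Constructed sample: documentation addresses, made-up users and host name.
FMT = ("Apr 16 %s asa1 %%ASA-6-602304: IPSEC: An %s remote access SA between "
       "192.0.2.1 and %s (user= %s) has been %s.")
ROWS = [  # (time, direction, peer, user, action)
    ("09:01:12", "inbound", "198.51.100.7", "alice", "created"),
    ("09:01:12", "outbound", "198.51.100.7", "alice", "created"),
    ("09:30:05", "inbound", "203.0.113.9", "bob", "created"),
    ("09:30:05", "outbound", "203.0.113.9", "bob", "created"),
    ("10:01:12", "inbound", "198.51.100.7", "alice", "created"),   # rekey
    ("10:01:12", "outbound", "198.51.100.7", "alice", "created"),  # rekey
    ("10:01:13", "inbound", "198.51.100.7", "alice", "deleted"),   # old SA
    ("10:01:13", "outbound", "198.51.100.7", "alice", "deleted"),  # old SA
    ("11:30:44", "inbound", "198.51.100.7", "alice", "deleted"),
    ("11:30:44", "outbound", "198.51.100.7", "alice", "deleted"),
    ("11:45:00", "outbound", "203.0.113.20", "carol", "deleted"),  # no create seen
]
SAMPLE = [FMT % row for row in ROWS]
SAMPLE.insert(4, "Apr 16 09:45:00 asa1 unrelated line the filter must skip")

def sessions(lines):
    """Collapse per-SA messages into one logon/logoff per (user, peer)."""
    live, out = Counter(), []  # live = SAs currently up per (user, peer)
    for line in lines:
        m = SA_EVENT.match(line)
        if not m:
            continue
        key = (m["user"], m["peer"])
        if m["action"] == "created":
            if live[key] == 0:  # first SA for this user/peer
                out.append((m["ts"], *key, "logon"))
            live[key] += 1
        elif live[key] > 0:  # skip deletes for sessions that predate the log
            live[key] -= 1
            if live[key] == 0:  # last SA gone
                out.append((m["ts"], *key, "logoff"))
    return out

if __name__ == "__main__":
    for event in sessions(SAMPLE):
        print(*event)
```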


whiteford Wed, 04/16/2008 - 00:32

Thanks. Does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs coming in?

We run a pair of ASA 5540s (1 GB mem, 256 MB flash). We have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPNs daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creeps up to 5% and memory is 90% free. Having them run the traps and logs in debug mode does not affect our ASAs.


Depending on the models you have, you might want to test the trap levels first and see the impact.


HTH
