
Can the ASA log when Cisco client VPNs log on/log off?

whiteford
Level 1

Hi, I'm moving my IPSec VPNs from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that log on and log off; how can I do this on the ASA?

5 Replies

andrew.prince
Level 10

I have all traffic from my ASA logged via syslog, then I filter in my syslog server what I want to see:-

logging enable

logging buffer-size 14096

logging buffered debugging

logging trap debugging

logging facility ## (used by my syslog server to filter)

logging host <> <>

My syslog sees:-

%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.

%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.

HTH
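An added example, not part of the original replies: one way to do the syslog-server-side filtering described above, pairing the SA created/deleted messages into logon/logoff sessions per user. The leading timestamp and hostname, the optional SPI field, and the sample users and addresses are assumptions; the parser keys on the "created"/"deleted" wording rather than the message number.

```python
import re
from datetime import datetime

# Layout follows the two messages quoted in the post. Assumed: an optional
# "(SPI= ...)" field and a leading ISO timestamp added by the syslog server.
SA_RE = re.compile(
    r"^(?P<ts>\S+) .*%ASA-6-\d{6}: IPSEC: An (?P<dir>inbound|outbound) "
    r"remote access SA (?:\(SPI=\s*\S+\) )?between (?P<a>\S+) and (?P<b>\S+) "
    r"\(user=\s*(?P<user>[^)]+?)\s*\) has been (?P<action>created|deleted)\."
)

def vpn_sessions(lines):
    """Pair inbound SA events into (user, logon, logoff, seconds) sessions.
    A rekey creates the new SA before the old one is deleted, so a logoff is
    recorded only when the user's count of live SAs returns to zero."""
    live, start, sessions, orphans = {}, {}, [], []
    for line in lines:
        m = SA_RE.match(line)
        if not m or m["dir"] != "inbound":  # count each tunnel once
            continue
        key = (m["user"], m["a"], m["b"])
        ts = datetime.fromisoformat(m["ts"])
        if m["action"] == "created":
            live[key] = live.get(key, 0) + 1
            start.setdefault(key, ts)
        elif live.get(key, 0) == 0:
            orphans.append(key[0])  # logoff whose logon is outside this log
        else:
            live[key] -= 1
            if live[key] == 0:
                begin = start.pop(key)
                sessions.append((key[0], begin, ts, int((ts - begin).total_seconds())))
    return sessions, orphans, sorted(k[0] for k in start)  # last: still open

def sample_line(ts, direction, user, action):
    return (f"{ts} asa01 %ASA-6-602304: IPSEC: An {direction} remote access SA "
            f"between 192.0.2.10 and 198.51.100.7 (user= {user}) has been {action}.")

SAMPLE = [  # constructed lines; message number copied from the post
    sample_line("2024-05-01T08:02:11", "inbound", "alice", "created"),
    sample_line("2024-05-01T08:02:11", "outbound", "alice", "created"),
    sample_line("2024-05-01T16:02:10", "inbound", "alice", "created"),  # rekey
    sample_line("2024-05-01T16:02:12", "inbound", "alice", "deleted"),  # old SA
    sample_line("2024-05-01T17:30:00", "inbound", "alice", "deleted"),  # logoff
    sample_line("2024-05-01T18:00:00", "inbound", "bob", "deleted"),
    sample_line("2024-05-01T18:05:00", "inbound", "carol", "created"),
]

if __name__ == "__main__":
    print(vpn_sessions(SAMPLE))
```
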

Thanks, does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs coming in?

We run a pair of ASA5540s (1gb mem, 256mb flash); we have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPNs daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creeps up to 5% and memory is 90% free. Having them run the traps and logs in debug mode does not affect our ASAs.

Depending on the models you have - you might want to test the trap levels first and see the impact.

HTH

Wow, that's a lot of traffic and not much pressure on your ASAs. I will use the CLI you posted on ours and see what happens.

No problem - glad to help.