Our ASA firewall is configured with IP address pools for remote access.
Remote users connect over VPN, are authenticated against a CSACS/RSA database and then assigned an address from the appropriate pool on the ASA.
I would like to be able to log the user authentications so that I know when a user was connected, what IP address they were assigned from the ASA pool and when they disconnected from our network again.
Can anyone suggest how I might achieve this?
At the moment, the closest I have is the Passed Authentications log on the CSACS server (achieved by turning on aaa accounting on the ASA) which tells me when the user authenticated but does NOT tell me what IP address from the ASA pool was assigned to them.
Does anyone have any suggestions?