Monitor VPN Access

Unanswered Question
Feb 2nd, 2009
Can you monitor and log VPN access to a PIX or ASA? I would like to know who connects a VPN tunnel and when.


I am assuming that you can, but I can't find any documentation.



Richard Burts Mon, 02/02/2009 - 12:55

Joshua


There are a number of messages that are generated by an ASA when a user connects using the VPN client to create an IPSec connection. You could use these to monitor and log VPN access. One of the many messages that you might consider to watch the establishment of the session is this one which marks the end of initial IPSec negotiation:


Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 200.200.200.2, PHASE 2 COMPLETED (msgid=43a2a86b)


A message that you might consider to watch for ending of sessions is this one which gives the session duration as well as the timestamp of the event:

Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 200.200.200.2, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested


HTH
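To turn the two messages Richard quotes into a who/when record, here is an added example (not from the original post, and not Cisco's own tooling): a small Python script that parses ASA syslog lines in that format, pairs each 713120 "PHASE 2 COMPLETED" with the later 113019 "Session disconnected" for the same username and peer IP, and lists sessions that are still up. The sample log is constructed: the two rburts lines are the ones from the post, the jdoe lines and the last rburts line are made up. The connect-side regex is specific to the IPsec Phase 2 message shown here; 113019 carries its own "Session Type" field, so the disconnect side is generic.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample syslog in the format quoted in the post. The two rburts
# lines are the post's own; the jdoe lines and the final rburts line are made
# up to show an idle-timeout disconnect and a session that is still open.
SAMPLE_LOG = """\
Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 200.200.200.2, PHASE 2 COMPLETED (msgid=43a2a86b)
Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 200.200.200.2, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested
Feb 02 2009 16:01:12: %ASA-5-713120: Group = testgrp, Username = jdoe, IP = 198.51.100.7, PHASE 2 COMPLETED (msgid=1a2b3c4d)
Feb 02 2009 16:31:15: %ASA-4-113019: Group = testgrp, Username = jdoe, IP = 198.51.100.7, Session disconnected. Session Type: IPsec, Duration: 0h:30m:03s, Bytes xmt: 10240, Bytes rcv: 20480, Reason: Idle Timeout
Feb 02 2009 17:05:00: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 203.0.113.9, PHASE 2 COMPLETED (msgid=5e6f7a8b)
"""

# Common ASA syslog prefix: "Mon DD YYYY HH:MM:SS: %ASA-<sev>-<id>: <body>"
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# Body of 713120: end of IPsec Phase 2, i.e. the tunnel is up
PHASE2_RE = re.compile(
    r"^Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>[^,]+), PHASE 2 COMPLETED"
)
# Body of 113019: session torn down, with duration, byte counts and reason
DISCONNECT_RE = re.compile(
    r"^Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>[^,]+), Session disconnected\. "
    r"Session Type: (?P<stype>[^,]+), "
    r"Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+)$"
)


@dataclass
class Session:
    group: str
    user: str
    ip: str
    start: Optional[datetime]        # None if only the disconnect was seen
    end: Optional[datetime] = None   # None while the session is still up
    duration_s: Optional[int] = None
    bytes_xmt: int = 0
    bytes_rcv: int = 0
    reason: str = ""


def parse_sessions(log_text: str) -> list[Session]:
    """Correlate 713120/113019 messages into one Session per (user, peer IP)."""
    open_sessions: dict[tuple[str, str], Session] = {}
    sessions: list[Session] = []
    for line in log_text.splitlines():
        hdr = HEADER_RE.match(line)
        if not hdr:
            continue                      # not an ASA message in this format
        ts = datetime.strptime(hdr["ts"], "%b %d %Y %H:%M:%S")
        body = hdr["body"]
        if hdr["msgid"] == "713120":
            m = PHASE2_RE.match(body)
            if not m:
                continue
            key = (m["user"], m["ip"])
            if key in open_sessions:
                # Assumption: a second Phase 2 for a live tunnel is a rekey,
                # so keep the original start time rather than opening a new row
                continue
            s = Session(m["group"], m["user"], m["ip"], start=ts)
            open_sessions[key] = s
            sessions.append(s)
        elif hdr["msgid"] == "113019":
            m = DISCONNECT_RE.match(body)
            if not m:
                continue
            key = (m["user"], m["ip"])
            s = open_sessions.pop(key, None)
            if s is None:
                # Disconnect with no matching Phase 2 in this log (rotated or
                # lost): still record it so the event is not silently dropped
                s = Session(m["group"], m["user"], m["ip"], start=None)
                sessions.append(s)
            s.end = ts
            s.duration_s = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            s.bytes_xmt = int(m["xmt"])
            s.bytes_rcv = int(m["rcv"])
            s.reason = m["reason"]
    return sessions


def active_sessions(sessions: list[Session]) -> list[Session]:
    """Sessions that connected but have not yet logged a 113019 disconnect."""
    return [s for s in sessions if s.end is None]


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        state = (f"ended {s.end} after {s.duration_s}s ({s.reason})"
                 if s.end else "still connected")
        print(f"{s.user}@{s.ip} group={s.group} start={s.start} {state}")
```

In practice you would point the ASA at a syslog collector (logging host / logging trap at level 5 or higher, so that the informational 713120 is sent as well as the warning-level 113019) and feed the collected file to parse_sessions. Note that the "Duration" in 113019 is measured by the ASA from the start of the negotiation, so it will be a little longer than the gap between the two timestamps, as the post's own 26 s versus 14 s shows.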

merabtavart Fri, 07/22/2011 - 01:43
Check

http://www.vpnttg.com/


The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores, for each VPN tunnel, historical monitoring data into the SQL server and into the RRD (Round Robin Database) file.


HTH
