02-02-2009 12:23 PM - edited 03-11-2019 07:44 AM
Can you monitor and log VPN access to a PIX or ASA? I would like to know who connects a VPN tunnel and when.
I am assuming that you can but I can't find any documentation.
02-02-2009 12:55 PM
Joshua
There are a number of messages that are generated by an ASA when a user connects using the VPN client to create an IPSec connection. You could use these to monitor and log VPN access. One of the many messages that you might consider to watch the establishment of the session is this one which marks the end of initial IPSec negotiation:
Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 200.200.200.2, PHASE 2 COMPLETED (msgid=43a2a86b)
A message that you might consider to watch for ending of sessions is this one which gives the session duration as well as the timestamp of the event:
Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 200.200.200.2, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested
HTH
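An added example, not part of the original replies: a Python parser that pairs the two messages quoted above (713120 and 113019) into one record per VPN session, answering who connected and when. The function name `vpn_sessions` and the choice of (username, IP) as the pairing key are assumptions; the sample input is the two log lines from the reply plus one constructed line the parser must skip.

```python
import re
from datetime import datetime

# Sample input: the two messages quoted in the reply, plus one constructed
# line that is not a VPN session message and must be ignored.
SAMPLE_LOG = """\
Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 200.200.200.2, PHASE 2 COMPLETED (msgid=43a2a86b)
Feb 02 2009 15:40:35: constructed line that is not a VPN session message
Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 200.200.200.2, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested
"""

# search() is used so a prefix added by a syslog server does not break parsing.
HEAD = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(?P<id>\d{6}): "
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[^,]+), (?P<rest>.*)")
TAIL = re.compile(r"Duration: (?P<duration>[^,]+), Bytes xmt: (?P<xmt>\d+), "
                  r"Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.*)")

def vpn_sessions(text):
    """Pair 713120 (connect) with 113019 (disconnect) per (user, ip)."""
    open_, done = {}, []
    for line in text.splitlines():
        m = HEAD.search(line)
        if not m:
            continue
        key = (m["user"], m["ip"])
        when = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        if m["id"] == "713120" and "PHASE 2 COMPLETED" in m["rest"]:
            # Assumption: a repeat while the session is open is not a new login.
            open_.setdefault(key, {"user": m["user"], "group": m["group"],
                                   "ip": m["ip"], "start": when, "end": None})
        elif m["id"] == "113019" and (t := TAIL.search(m["rest"])):
            # A disconnect with no recorded connect still yields a record.
            s = open_.pop(key, {"user": m["user"], "group": m["group"],
                                "ip": m["ip"], "start": None})
            s.update(end=when, duration=t["duration"], reason=t["reason"],
                     bytes_xmt=int(t["xmt"]), bytes_rcv=int(t["rcv"]))
            done.append(s)
    return done + list(open_.values())  # sessions still open have end=None

if __name__ == "__main__":
    for s in vpn_sessions(SAMPLE_LOG):
        print(s["user"], s["ip"], s["start"], "->", s["end"], s.get("reason"))
```

The duration is reported as the device logged it rather than recomputed from the two timestamps.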
07-22-2011 01:43 AM
Check
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.
HTH