Monitor VPN Access

jmaurer1205 · ‎02-02-2009

Can you monitor and log VPN access to a PIX or ASA? I would like to who and when the users connect a VPN tunnel.

I am assuming that you can but I can't find any documentation.

Richard Burts · ‎02-02-2009

Joshua

There are a number of messages that are generated by an ASA when a user connects using the VPN client to create an IPSec connection. You could use these to monitor and log VPN access. One of the many messages that you might consider to watch the establishment of the session is this one which marks the end of initial IPSec negotiation:

Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 200.200.200.2, PHASE 2 COMPLETED (msgid=43a2a86b)

A message that you might consider to watch for ending of sessions is this one which gives the session duration as well as the timestamp of the event:

Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 200.200.200.2, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested

HTH

HTH

Rick

merabtavart · ‎07-22-2011

Check

http://www.vpnttg.com/

Advantage of VPNTTG over other SNMP based monitoring software’s is following: Other (commonly used) software’s are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer’s IP address and it stores for each VPN tunnel historical monitoring data into the SQL server and into the RRD (Round Robin Database) file.

HTH