Log RA VPN activity on ASA5510

Unanswered Question
Jun 17th, 2009

Can I log the RA VPN activity from Cisco VPN clients?

I am authenticating the users via TACACS, but would like to log the activity like what you could do with a 3005 concentrator.

Can this be done?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Richard Burts Sun, 06/28/2009 - 16:02


Perhaps there is some aspect of your question that I am not understanding. But in my experience the log messages on the ASA5500 show show Remote Access VPN session creation in a way that is similar to what is logged from the 3000 series concentrators.



wilson_1234_2 Mon, 06/29/2009 - 11:52

Thanks Rick,

Maybe the 5510 is not configured as it should be to do what I am asking.

I can see the RA VPN when looking in the ASDM.

Also, there is an option for accounting in the ASA for the ra tunnel group.

Would this allow me to log RA activity to the TACACS server?

Richard Burts Thu, 07/02/2009 - 06:32


I have not used and have not really looked very much at the accounting option on the ASA so can not speak to this directly. But assuming that the accounting on the ASA is implemented similar to the way it is in IOS I would think that it should be possible to send accounting records to the TACACS server to show VPN activity.




This Discussion