VPN Logs

Unanswered Question
Sep 30th, 2009

We have been tasked with measuring and reporting the amount of time it takes remote workers, who access networks with a cisco VPN client, to open the client and then establish full access to their remote workspaces. Are there any logs on the client machine that this information can be derived from?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Wed, 09/30/2009 - 13:25


I am not clear whether your question is directed toward the traditional Cisco IPSec VPN client or toward the new Cisco AnyConnect VPN client. At a high level I believe that the answer for both clients is yes there are logs and you should be able to derive the information you need from them. The details of what each client logs and of how you access the logs is different.



ANDREWRLAMB Wed, 09/30/2009 - 13:40

Hi Rick, it is the traditional Cisco Vpn client that I refer to.

Will these logs provide me the detail I require and how do I access them.

Thanks Andy

Richard Burts Thu, 10/01/2009 - 04:20


There are a couple of ways to access the logs of the tradition Cisco IPSec VPN client. Probably the easiest is on the main page of the VPN client there is a tab identified as log, and if you click that tab it will display the contents of the logs. Or you can use ctrl + L to display the log entries. Or on the main page in the tool bar is an option for log. If you click that it will open a drop down menu with an option for log window, and this will display the log contents.

The logs display messages in 10 categories and each category has a severity level that can be selected, ranging from disabled to low to medium to high. You may need to do some adjusting to get log messages that will satisfy your requirements. I would assume that log messages from ISAKMP would be a good place to identify the beginning of the connection process. I am not sure whether messages from the Connection Manager or from PPP (or perhaps some other category) would be the best to indicate completion of the connection process.



Richard Burts Thu, 10/01/2009 - 04:51


I have done a little testing and it looks like messages from the Connection Manager would be your best bet. Here is what I got from the logs for a connection that I established:

connection is beginning:

2 08:41:24.093 10/01/09 Sev=Info/4 CM/0x63100002

Begin connection process

session is established:

83 08:41:43.937 10/01/09 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 1.




This Discussion