vpn monitoring

Unanswered Question
Jan 30th, 2010

Gurus,

Do we have a way to monitor site to site or SSL VPN ( anyconnect) for tracking users logins, things conducted by user during the session & any further checks that may need to be done.


Appreciate any help on this.

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pudawat Sun, 01/31/2010 - 09:05

Hi Thomas,

You need to enable SYSLOG following messages on the ASA:

722007

Error Message %ASA-3-722007: Group group User user-name IP IP_address SVC Message:

type-num/ERROR: message

Explanation This is a message from the SSL VPN client (SVC) .

type-num— A number from 0 to 31 indicating a message type. Message types are as follows:

0—Normal.

16—Logout.

17—Closed due to error.

18—Closed due to rekey.

1-15, 19-31—Reserved and unused.

message—A text message from the SVC.

722037

Error Message %ASA-5-722037: Group group User user-name IP IP_address SVC closing

connection: reason.

Explanation An SSL VPN client (SVC) connection was terminated for the given reason.

reason—The reason the SVC connection was terminated.

113019

Error Message %PIX|ASA-4-113019: Group = group, Username = user, IP = peer_address,

Session disconnected. Session Type: type, Duration: duration, Bytes xmt:

count, Bytes rcv: count, Reason: reason

Explanation This is an information message.

group—group name

user—username

peer_address—peer address

type—session type (for example, IPSec/UDP)

duration—connect duration

count—number of bytes

reason—disconnect reason

Recommended Action None.

Thanks,

Pradhuman

Actions

This Discussion