Firewall syslog

Unanswered Question
Mar 5th, 2010

HI,

we are using PIx 515E as our firewall in our network

In Firewall we configured remote VPN access for users to access from home

now we are planning to moniotor who is authenticated on remote VPN through the syslog server

which faclilty level will give the information of authenticting remote user details

thanks inadvance

vinu

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
francisco_1 Fri, 03/05/2010 - 04:48

Vinu,

The severity level depends on the output log message.

Error Message    %ASA-6-716039: Authentication: rejected, group = name user = user, 
Session Type: WebVPN

Explanation   Before a WebVPN session starts, the user must be authenticated successfully by a local or remote server (for example, RADIUS or TACACS+). In this case, the user credentials (user name and password) either did not match or the user does not have permission to start a WebVPN session.

Recommended Action   Verify the user credentials on the local or remote server. Verify that WebVPN is configured for the user.

The above is severity 6 and log message number including username affected.

This urls will provide all the info you need

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wpxref66501     (searcg for vpn will provide you all logs and severity for vpn)

Also http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logsev.html

Actions

This Discussion