How can enable log on ASA 5510 for VPN client access?

Unanswered Question
Jan 26th, 2011
User Badges:

Dear All,

i have ASA 5510 and i was configur VPN client already but i want to see log when my client connect VPN client ?

How can i know information when they connect? i just to know that we can enable log on ASA but when we enable log all information come but i want to know on client access into ASA?

Best Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Wed, 01/26/2011 - 20:10
User Badges:
  • Green, 3000 points or more


Browsing the community I found this:

You can send all the syslog messages for remote vpn client only to your syslog server as follows:

logging list vpn-log level debugging class vpnc
logging trap vpn-log

OR/ alternatively, if you know exactly which syslog messages you are after, you can configure it this way:

logging list vpn-list message 611101

logging trap vpn-list

The vpn client syslog is within the 611xxx range, and here is the syslog for your reference:

Hope that helps.


rechard_hk Wed, 01/26/2011 - 20:44
User Badges:

Dear Federico.

you mean that when i apply command as below, so i can see my user connect to ASA right?

logging list vpn-log level debugging class vpnc
logging trap vpn-log

Best Regards,


Federico Coto F... Thu, 01/27/2011 - 08:47
User Badges:
  • Green, 3000 points or more

Well, that example show enabling the logs to be sent to a syslog server.

You can check your logs on a syslog server (recommended), or in the buffer on the ASA itself for example.

Either way, the idea is to enable only the logs particularly to the VPN clients which are in the range mentioned.

Here are two examples:


Error Message    %PIX|ASA-6-611307: VPNClient: Head end : IP_address
Explanation    The VPN client is connected to the specified headend.


Error Message    %PIX|ASA-6-611309: VPNClient: Disconnecting from head end and
uninstalling previously downloaded policy: Head End: IP_address

Explanation    A VPN client is disconnecting and uninstalling a previously installed policy.



This Discussion