
monitoring user sessions in a pix-vpn client environment

Unanswered Question
Aug 6th, 2002

Hi,


I am using a Cisco PIX 515 as my VPN gateway (instead of a concentrator), to which users connect using the Cisco VPN client. The users' authentication is being done with the help of a Windows 2000 IAS. In the concentrator I could see the details of the connected user sessions, like Windows username, the IP address allocated to the client, and the login time.


When using a PIX, will I be able to get these details? If I issue the command

sh ip local pool <pool name>

I can see the number of addresses allocated to the clients and the address.

But is there a way to see the name of the logged-in user and the IP assigned to him?


regards,

jimmy.

afakhan Tue, 08/06/2002 - 20:14

Hi,


You can configure Accounting on Win2K IAS RADIUS server/PIX, and then parse the log files from RADIUS server to grab the same info. as you see under VPN3K monitoring->system status.


Thanks,

Afaq


jimmyjoseph Wed, 08/07/2002 - 07:05

Hi,


Thanks for that feedback, but does this require any configuration on the PIX side?


Like, do I have to configure AAA or something of that sort on the PIX?

Or do you mean to just get the details of the IAS server logs? Could you be more clear? Also, please give me some links or docs helpful in doing this.


regards,

jimmy.

dro Wed, 08/07/2002 - 11:55

I'm running into a similar problem. I have a group of users who use the VPN client and connect into a PIX 515 running 6.2(1). The users are authenticated off of a UNIX based RADIUS server with xauth.


My only problem is that the PIX doesn't send the proper accounting messages to the RADIUS server indicating the stop times or IP Addresses for the connections.


The RADIUS server only records the start time of the session.


I thought this might be because Cisco was using certain vendor specific RADIUS attributes to send the data, but even with the RADIUS server logging all data it receives, it doesn't show up.


I enabled aaa accounting on the PIX, but it was only sending data to the RADIUS server concerning the start/stop times for TCP connections initiated from LAN users (my xauth data didn't show up because I have 'sysopt permit pl-compatible' enabled).


As a semi-workaround, Jimmy, you should be able to see which user is using which IP address via the 'show uauth' command... but I have yet to find a way to correctly log this information for the purpose of auditing network connections and activity.


Cheers,

Joshua
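
An added example, not written by any poster in this thread: a sketch of the accounting-log parsing afakhan suggests, which also flags the gaps dro describes (sessions with no Stop record or no client IP). It assumes IAS-format log lines (six header fields, then attribute-number,value pairs) and the standard RADIUS attribute numbers; the sample lines and function names are constructed for illustration.

```python
import csv
from datetime import datetime

# Standard RADIUS attribute numbers (RFC 2865 / RFC 2866)
FRAMED_IP, ACCT_STATUS, ACCT_SESSION_ID = 8, 40, 44
START, STOP = "1", "2"

# Constructed sample in the assumed IAS layout:
# NAS-IP,user,date,time,service,computer, then attribute-id,value pairs
SAMPLE_LOG = """\
192.0.2.1,alice,08/06/2002,09:00:12,IAS,RADIUS01,40,1,44,A001,8,10.1.1.10
192.0.2.1,bob,08/06/2002,09:05:40,IAS,RADIUS01,40,1,44,A002
192.0.2.1,alice,08/06/2002,11:30:02,IAS,RADIUS01,40,2,44,A001,8,10.1.1.10
"""

def parse_record(fields):
    """Split one log line into NAS IP, user, timestamp and an attribute dict."""
    nas_ip, user, date, time = fields[:4]
    pairs = fields[6:]
    attrs = {int(pairs[i]): pairs[i + 1] for i in range(0, len(pairs) - 1, 2)}
    when = datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S")
    return nas_ip, user, when, attrs

def build_sessions(log_text):
    """Pair Start/Stop records per (NAS IP, Acct-Session-Id)."""
    sessions = {}
    for fields in csv.reader(log_text.splitlines()):
        try:
            nas_ip, user, when, attrs = parse_record(fields)
        except ValueError:
            continue  # short or malformed line: skip rather than guess
        sid, status = attrs.get(ACCT_SESSION_ID), attrs.get(ACCT_STATUS)
        if sid is None or status not in (START, STOP):
            continue
        s = sessions.setdefault(
            (nas_ip, sid), {"user": user, "ip": None, "start": None, "stop": None})
        s["ip"] = attrs.get(FRAMED_IP) or s["ip"]
        s["start" if status == START else "stop"] = when
    return sessions

def audit_gaps(sessions):
    """List fields missing per session; no 'stop' means still open or never reported."""
    return {key: missing for key, s in sessions.items()
            if (missing := [f for f in ("ip", "start", "stop") if s[f] is None])}

if __name__ == "__main__":
    for key, s in build_sessions(SAMPLE_LOG).items():
        print(key, s)
    print("gaps:", audit_gaps(build_sessions(SAMPLE_LOG)))
```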
