
Monitoring user sessions in a PIX VPN client environment

jimmyjoseph
Level 1

Hi,

I am using a Cisco PIX 515 as my VPN gateway (instead of a concentrator) to which users connect using the Cisco VPN client. User authentication is being done with the help of a Windows 2000 IAS. In the concentrator I could see the details of the connected user sessions, like the Windows username, the IP address allocated to the client and the login time.

When using a PIX, will I be able to get these details? If I issue the command

sh ip local pool <pool name>

I can see the number of addresses allocated to the clients and the addresses.

But is there a way to see the name of the logged-in user and the IP assigned to him?

regards,

jimmy.

3 Replies

afakhan
Level 4

Hi,

You can configure Accounting on Win2K IAS RADIUS server/PIX, and then parse the log files from RADIUS server to grab the same info. as you see under VPN3K monitoring->system status.

Thanks,

Afaq

Hi,

Thanks for that feedback, but does this require any configuration on the PIX side?

Like, do I have to configure AAA or something of that sort on the PIX?

Or do you mean to just get the details from the IAS server logs? Could you be more clear? Also, please give me some links or docs helpful in doing this.

regards,

jimmy.

I'm running into a similar problem. I have a group of users who use the VPN client and connect into a PIX 515 running 6.2(1). The users are authenticated off of a UNIX-based RADIUS server with xauth.

My only problem is that the PIX doesn't send the proper accounting messages to the RADIUS server indicating the stop times or IP Addresses for the connections.

The RADIUS server only records the start time of the session.

I thought this might be because Cisco was using certain vendor specific RADIUS attributes to send the data, but even with the RADIUS server logging all data it receives, it doesn't show up.

I enabled aaa accounting on the PIX, but it was only sending data to the RADIUS server concerning the start/stop times for TCP connections initiated from LAN users (my xauth data didn't show up because I have 'sysopt permit pl-compatible' enabled).

As a semi-workaround, Jimmy, you should be able to see which user is using which IP address via the 'show uauth' command... but I have yet to find a way to correctly log this information for the purpose of auditing network connections and activity.

Cheers,

Joshua
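
Added example, not part of the thread or of any Cisco or Microsoft tooling: a sketch of the log parsing suggested in the first reply. It pairs RADIUS accounting Start and Stop records by Acct-Session-Id and flags sessions that lack a Stop or a Framed-IP-Address, the gap described in the last reply. The record layout (a timestamp line followed by indented "Attribute = value" lines) and all sample values are assumptions constructed for illustration; adapt the reader to the format your RADIUS server actually writes.

```python
import re
# Constructed sample (assumed layout): timestamp line, then indented attributes.
SAMPLE = """\
Mon Mar 03 09:15:02 2003
    User-Name = "alice"
    Acct-Status-Type = Start
    Acct-Session-Id = "0x00000a1"
    Framed-IP-Address = 10.10.1.5

Mon Mar 03 09:20:40 2003
    User-Name = "bob"
    Acct-Status-Type = Start
    Acct-Session-Id = "0x00000a2"

Mon Mar 03 10:02:11 2003
    User-Name = "alice"
    Acct-Status-Type = Stop
    Acct-Session-Id = "0x00000a1"
"""

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_records(text):
    """Yield one dict per accounting record, with the header line as 'when'."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"when": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def build_sessions(records):
    """Pair Start/Stop by Acct-Session-Id and list what each session is missing."""
    sessions = {}
    for r in records:
        s = sessions.setdefault(r.get("Acct-Session-Id"), {
            "user": r.get("User-Name"), "ip": None, "start": None, "stop": None})
        s["ip"] = r.get("Framed-IP-Address") or s["ip"]
        kind = r.get("Acct-Status-Type", "").lower()
        if kind in ("start", "stop"):
            s[kind] = r["when"]
    for s in sessions.values():
        s["gaps"] = [k for k in ("ip", "start", "stop") if s[k] is None]
    return sessions

print(build_sessions(parse_records(SAMPLE)))
```

A session whose "gaps" list is non-empty cannot be tied to an address or a logout time from the accounting log alone, so it needs another source before it can be used in an audit.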
