Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
6
Replies

Doubts in message id cisco

viswesh1406
Level 1
Level 1

‎03-27-2012 11:23 PM - edited ‎03-11-2019 03:47 PM

Hi Guys,

          I see that 113011 message id log shows user specific group policy. what is the difference between these two log?

But i see they have different name. 113009 also shows vpn group name which is assigned to that particular user.

<166>Apr 12 2011 20:29:33 AWT-AA : %ASA-6-113011: AAA retrieved user specific group policy (AWA-VPN-GP02) for user = ktakeuchi

<166>Apr 12 2011 20:29:33 AWT-AA : %ASA-6-113009: AAA retrieved default group policy (NOACCESS) for user = ktakeuchi

Regards,

M.Viswesh.

Labels:
0 Helpful
6 Replies 6

zhohuang
Level 1
Level 1

‎04-01-2012 07:51 AM

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/system/message/logmsgs.html#wp4769477

Here's the syslog explain , you can refer to .

they are same meaning ... i also don't know why so design.

0 Helpful

viswesh1406
Level 1
Level 1
In response to zhohuang

‎04-02-2012 08:53 AM

Hi Zhongyu,

                 So which message id I should believe? It is a very critical information for log reporting. I am unable to open the link you have provided, it says forbidden.

Regards,

M.Viswesh

0 Helpful

zhohuang
Level 1
Level 1
In response to viswesh1406

‎04-02-2012 07:11 PM

113009

Error Message    %ASA-6-113009: AAA retrieved default group policy policy for user user

Explanation    This message may be generated during the authentication or authorization of an IPSec  or WebVPN connection. The attributes of the group policy that were specified with the  tunnel-group or webvpn commands have been retrieved.

Recommended Action    None required.

113011

Error Message    %ASA-6-113011: AAA retrieved user specific group policy policy for user

user

Explanation    This event may be generated during the authentication or authorization of an IPSec or WebVPN connection. The attributes of the group policy that was specified with the tunnel-group or webvpn commands have been retrieved.

Recommended Action    None required.

0 Helpful

viswesh1406
Level 1
Level 1
In response to zhohuang

‎04-02-2012 11:18 PM

HI Zhongyu,

                Thanks for your reply. The bold words "default group policy" denotes the group policy for that particualr user right? Please correct me if i am wrong. In some cases 113011 log has same name as of 113009.

               1) If the names are different, which name i should consider(which group policy is applied to the user)??

Regards,

M.Viswesh

0 Helpful

zhohuang
Level 1
Level 1
In response to viswesh1406

‎04-03-2012 12:54 AM

Hi , I don't know you use these ID do?

Here's an example I'd like to share:

AAA retrieved default group policy (HomeTest) for user = koya
AAA retrieved user specific group policy (NetAdminGPol) for user = koya

The "default group policy" is the group policy defined on the tunnel-group. [HomeTest]
The "user specific group policy" is the group policy mapped via ldap or radius. [NetAdminGPol]

Any attributes NOT defined in NetAdminGPol will be inherited from HomeTest. 
It the attribute is NOT defined in HomeTest then it will be inherited from the DfltGrpPolicy(default global config).
simply put you should define ALL the attributes you want in the NetAdminGPol.

0 Helpful

viswesh1406
Level 1
Level 1
In response to zhohuang

‎04-11-2012 12:40 AM

Thanks Zhongyu, Apologize for the delayed response.what we basically do is, collect the cisco logs and analyze the information from that. Some times 113011 log doesnot appear, so it means for that user, no specific group policy is applied right? in this scenario, the group name in the log id 113009 denotes what?

Regards,

M.Viswesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card