To my knowledge for information about users connection times / bandwith usage / etc you will need a separate software to get that information.
If not that, you will have to send the ASAs logs to a syslog server and collect and filter the data from there with some method.
I've considered configuring a some of ours ASAs only used for VPN to only send VPN related log messages (to make the syslog easier to read through and faster to filter through) but I havent still gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.
Re: How to configure Logging for remote access vpn
Assuming syslog server getting all the necessary log information from ASA and if you have a SQL server that can pull data from syslog server, you can have your dba a write a script that creats a table with all the VPN related information from syslog. The table will be populated with only related messages from ASA IP- so rest will not be included.
We did the similar implementation recently -as our management wants to know who, what time and how long remote users connected via vpn & citrix (for security reasons). We do not pull error messages into table -as we mainly need login & logout time etc. Few of the message IDs you may want to log...
%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server
> %PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server
> %PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server
> %PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server
Check with ASA IOS version doc for proper message Ids.
This way you do not need to spend fortune except your DBA's time .
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :