New Member

How to configure Logging for remote access vpn

Hi,

I have a Cisco ASA5520 and I have a remote access VPN. I want to configure logging for this remote access VPN.

I want the time the user connected, how long it is connected, and whether there was any error while connecting.

Please reply ASAP.

Regards,

Prashant

4 REPLIES
Super Bronze

How to configure Logging for remote access vpn

Hi,

To my knowledge, for information about users' connection times / bandwidth usage / etc. you will need separate software to get that information.

If not that, you will have to send the ASA's logs to a syslog server and collect and filter the data from there with some method.

I've considered configuring some of our ASAs that are only used for VPN to only send VPN-related log messages (to make the syslog easier to read through and faster to filter through), but I still haven't gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.

- Jouni

New Member

How to configure Logging for remote access vpn

Hi

We do have a syslog server, but it takes too much time to observe the logs. And we do not have any separate ASA to configure for VPN only.

Please let us know the software for that info.

Super Bronze

Re: How to configure Logging for remote access vpn

Hi,

The programs/software mentioned to me when I asked our Cisco contact were Cisco Security Manager 4.1 and a third-party software called Extraxi.

I'd imagine using either software to its full extent will cost you.

Though I still imagine you would have other options. As I said, I haven't set up any similar setup in my own work yet.

- Jouni

Re: How to configure Logging for remote access vpn

Hi Prashant,

Assuming the syslog server is getting all the necessary log information from the ASA, and if you have a SQL server that can pull data from the syslog server, you can have your DBA write a script that creates a table with all the VPN-related information from syslog. The table will be populated with only the related messages from the ASA IP, so the rest will not be included.

We did a similar implementation recently, as our management wants to know who, what time and how long remote users connected via VPN and Citrix (for security reasons). We do not pull error messages into the table, as we mainly need login and logout time etc. A few of the message IDs you may want to log...

%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

%PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

%PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

%PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server

Check with the ASA IOS version doc for the proper message IDs.

This way you do not need to spend a fortune, except your DBA's time.

hth

MS
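A sketch of the syslog-to-table approach described in the reply above, added here as an example; it is not the poster's script. It assumes a relay line layout of `<ISO timestamp> <source IP> %ASA-...`, uses SQLite in place of a SQL server, invents the table and function names, and assumes that a 713160 followed by a 713163 with the same session id brackets one session.

```python
import re
import sqlite3
from datetime import datetime

# Message IDs quoted in the reply; check your ASA version's syslog guide.
VPN_EVENTS = {"713160": "granted", "713161": "restricted",
              "713162": "rejected", "713163": "terminated"}

# Assumed relay layout: "<ISO timestamp> <source IP> %ASA-<sev>-<id>: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) %(?:PIX|ASA)-\d-(?P<msgid>\d{6}): "
    r"Remote user \(session Id - (?P<sid>[^)]+)\) ")

# Constructed sample lines (not real logs); 192.0.2.1 stands in for the ASA.
SAMPLE = """\
2024-01-10T08:00:05 192.0.2.1 %ASA-7-713160: Remote user (session Id - 1001) has been granted access by the Firewall Server
2024-01-10T08:01:00 192.0.2.1 %ASA-6-999999: unrelated constructed message
2024-01-10T08:02:10 192.0.2.1 %ASA-3-713162: Remote user (session Id - 1002) has been rejected by the Firewall Server
2024-01-10T08:30:00 192.0.2.99 %ASA-7-713160: Remote user (session Id - 9999) has been granted access by the Firewall Server
2024-01-10T09:15:35 192.0.2.1 %ASA-3-713163: Remote user (session Id - 1001) has been terminated by the Firewall Server
"""

def load_events(lines, asa_ip, db):
    """Insert only the listed message IDs, and only when sent by asa_ip."""
    db.execute("CREATE TABLE IF NOT EXISTS vpn_events "
               "(ts TEXT, session_id TEXT, msgid TEXT, event TEXT)")
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["src"] == asa_ip and m["msgid"] in VPN_EVENTS:
            db.execute("INSERT INTO vpn_events VALUES (?,?,?,?)",
                       (m["ts"], m["sid"], m["msgid"], VPN_EVENTS[m["msgid"]]))
    db.commit()

def session_durations(db):
    """Seconds between 'granted' and a later 'terminated' per session id
    (assumption: these two events bracket one session)."""
    rows = db.execute(
        "SELECT g.session_id, g.ts, t.ts FROM vpn_events g "
        "JOIN vpn_events t ON t.session_id = g.session_id "
        "AND t.event = 'terminated' AND t.ts > g.ts "
        "WHERE g.event = 'granted'").fetchall()
    return {sid: (datetime.fromisoformat(end)
                  - datetime.fromisoformat(start)).total_seconds()
            for sid, start, end in rows}

def demo():
    db = sqlite3.connect(":memory:")
    load_events(SAMPLE.splitlines(), "192.0.2.1", db)
    return db

if __name__ == "__main__":
    print(session_durations(demo()))
```

Filtering on the sender address keeps lines from other devices out of the table, and sessions with no terminating event are simply absent from the duration result.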
