
New Member

Logging VPN connections

Greetings All,

I have a customer who wishes to log all VPN user activity on their ASA5510 so he can look back and see who was using a VPN connection on a particular day.

I can see in the ASDM how you can see, in real time, who is on, but do you know what logging command I need to use to log this activity for reference so that it can be viewed at a later date?

Thanks

5 REPLIES
Gold

Re: Logging VPN connections

Hello Haroon,

You can check the following document to set up VPN client authentication using M$ IAS/RADIUS. Works very well for my customer...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Hope it helps and please rate posts if it does!!

Cheers // Jay

New Member

Re: Logging VPN connections

Thanks Jay,

But my issue is that VPN users are already authenticated locally. My only requirement is that I want ASA to send syslogs of the connections made by VPN clients.

i.e. Every time a VPN client logs in, ASA should send a syslog to syslog server.

Thanks,

New Member

Re: Logging VPN connections

My firewall logs this as %ASA-7-713052.

May 3 09:31:37 xxxfrwxxx %ASA-7-713052: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, User (xxx) authenticated.

This is just one of many log messages that I see upon authentication.

New Member

Re: Logging VPN connections

Can you tell me how it is configured?

Thanks

New Member

Re: Logging VPN connections

Logging is configured pretty verbose.

    logging enable
    logging timestamp
    logging standby
    logging console debugging
    logging monitor debugging
    logging buffered debugging
    logging trap debugging
    logging history debugging
    logging asdm debugging
    logging facility 21
    logging host inside aaa.bbb.ccc.ddd
    logging host inside aaa.bbb.ccc.eee
    no logging message 710005
    no logging message 710003

Here's the failure message btw.

May 3 17:46:02 xxxfrwxxx %ASA-3-713167: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, Remote peer has failed user authentication - check configured username and password
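For the original question (looking back at who used the VPN on a given day), the two message formats quoted in this thread can be pulled out of the syslog server's file and grouped per day. This is an added example, not part of any poster's reply: the function names, hostname, usernames and sample lines are constructed, and only message IDs 713052 and 713167 from the thread are handled.

```python
import re
from collections import defaultdict

# Message IDs taken from the thread: 713052 = user authenticated,
# 713167 = remote peer failed user authentication.
OUTCOME = {"713052": "success", "713167": "failure"}

LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s+"
    r"Group = (?P<group>[^,]*), Username = (?P<user>[^,]*), IP = (?P<ip>[^,]*),"
)

# Constructed sample lines in the format shown in the thread.
SAMPLE = """\
May  3 09:31:37 fw01 %ASA-7-713052: Group = staff, Username = alice, IP = 203.0.113.10, User (alice) authenticated.
May  3 17:46:02 fw01 %ASA-3-713167: Group = staff, Username = bob, IP = 198.51.100.7, Remote peer has failed user authentication - check configured username and password
May  3 17:46:40 fw01 %ASA-7-713052: Group = staff, Username = bob, IP = 198.51.100.7, User (bob) authenticated.
May  4 08:02:11 fw01 %ASA-7-713052: Group = staff, Username = alice, IP = 203.0.113.10, User (alice) authenticated.
May  4 08:05:00 fw01 sshd[411]: unrelated line that must be ignored
""".splitlines()

def parse_line(line):
    """Return a dict for a VPN authentication event, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("msgid") not in OUTCOME:
        return None
    ev = m.groupdict()
    # These syslog timestamps carry no year, so the key is month and day only.
    ev["date"] = f"{ev['month']} {int(ev['day'])}"
    ev["outcome"] = OUTCOME[ev["msgid"]]
    return ev

def logins_by_day(lines):
    """Map 'Mon D' -> {username: {'success': n, 'failure': n, 'ips': set}}."""
    report = defaultdict(dict)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # The username on a failed attempt is supplied by the remote peer.
        entry = report[ev["date"]].setdefault(
            ev["user"], {"success": 0, "failure": 0, "ips": set()})
        entry[ev["outcome"]] += 1
        entry["ips"].add(ev["ip"])
    return dict(report)

if __name__ == "__main__":
    for day, users in logins_by_day(SAMPLE).items():
        print(day, users)
```

Point `logins_by_day` at the lines of the syslog server's log file instead of `SAMPLE` to get the per-day report.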
