Cisco Support Community
New Member

Monitor VPN Access

Can you monitor and log VPN access to a PIX or ASA? I would like to know who connects a VPN tunnel and when.

I am assuming that you can but I can't find any documentation.

Hall of Fame Super Silver

Re: Monitor VPN Access


There are a number of messages that are generated by an ASA when a user connects using the VPN client to create an IPSec connection. You could use these to monitor and log VPN access. One of the many messages that you might consider to watch the establishment of the session is this one which marks the end of initial IPSec negotiation:

Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP =, PHASE 2 COMPLETED (msgid=43a2a86b)

A message that you might consider to watch for ending of sessions is this one which gives the session duration as well as the timestamp of the event:

Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP =, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested
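
The two message IDs quoted in the reply above can be pulled out of a syslog file and paired into sessions. The following is an added example, not part of the original post; the sample lines are constructed in the format quoted above with documentation-range IP placeholders, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines in the format quoted above. The IP addresses are
# documentation-range placeholders; one line keeps the blank "IP =," form.
SAMPLE_LOG = """\
Feb 02 2009 15:40:30: %ASA-5-713120: Group = testgrp, Username = rburts, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=43a2a86b)
Feb 02 2009 15:40:44: %ASA-4-113019: Group = testgrp, Username = rburts, IP = 192.0.2.10, Session disconnected. Session Type: IPsec, Duration: 0h:00m:26s, Bytes xmt: 0, Bytes rcv: 3187, Reason: User Requested
Feb 02 2009 16:02:11: %ASA-5-713120: Group = testgrp, Username = jdoe, IP =, PHASE 2 COMPLETED (msgid=1f00c2aa)
Feb 02 2009 16:05:00: unrelated line that carries neither message ID (constructed)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(?P<id>713120|113019): "
    r"Group = (?P<group>[^,]*), Username = (?P<user>[^,]*), IP = ?(?P<ip>[^,]*), (?P<rest>.*)$"
)
DETAIL_RE = re.compile(
    r"Duration: (?P<dur>[^,]+), Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+)$")

def parse_events(text):
    """Yield one dict per connect (713120) or disconnect (113019) line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # some other message; ignore it
        ev = {"time": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
              "event": "connect" if m["id"] == "713120" else "disconnect",
              "group": m["group"], "user": m["user"], "ip": m["ip"] or None}
        d = DETAIL_RE.search(m["rest"])
        if d:  # only the disconnect message carries these fields
            ev.update(duration=d["dur"], bytes_xmt=int(d["xmt"]),
                      bytes_rcv=int(d["rcv"]), reason=d["reason"])
        yield ev

def sessions(text):
    """Pair each connect with the next disconnect for the same (user, ip)."""
    open_, done = {}, []
    for ev in parse_events(text):
        key = (ev["user"], ev["ip"])
        if ev["event"] == "connect":
            # Assumption: the message may repeat within a session; keep the earliest.
            open_.setdefault(key, ev)
        else:
            start = open_.pop(key, None)  # None if the connect line was not captured
            done.append({"user": ev["user"], "ip": ev["ip"], "end": ev["time"],
                         "start": start and start["time"], "duration": ev.get("duration"),
                         "bytes_rcv": ev.get("bytes_rcv"), "reason": ev.get("reason")})
    return done, list(open_.values())
```

`sessions()` returns the completed sessions and the connects that have no matching disconnect yet, which answers the "who and when" question from the log alone.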


New Member

Monitor VPN Access


The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.

