Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can the ASA log when Cisco client VPN's logon/logoff?

Hi, I'm moving my IPSec VPN's from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that logon and logoff, how can I do this on the ASA?

5 REPLIES

Re: Can the ASA log when Cisco client VPN's logon/logoff?

I have all traffic from my ASA logged via syslog, then I filter in my syslog server what I want to see:-

logging enable

logging buffer-size 14096

logging buffered debugging

logging trap debugging

logging facility ##(used by my syslog server to filter)

logging host <> <>

My syslog see's:-

%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.

%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.

HTH

New Member

Re: Can the ASA log when Cisco client VPN's logon/logoff?

Thanks, does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs come in?

Re: Can the ASA log when Cisco client VPN's logon/logoff?

We run a pair of ASA5540's (1gb mem, 256mb flash) we have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPN's daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creaps up to 5% and memory is 90% free.....having them run the traps and logs in debug mode does not affect our ASA's.

Depending on the models you have - you might want to test the traps levels first and see the impact.

HTH

New Member

Re: Can the ASA log when Cisco client VPN's logon/logoff?

wow, that's a lot of traffic and not much pressure on your ASA's, I will use your CLI your posted on ours and see what happens.

Re: Can the ASA log when Cisco client VPN's logon/logoff?

no problem - glad to help.

702
Views
0
Helpful
5
Replies
CreatePlease login to create content