I have TACACS enabled on a number of ASAs, and make use of the accounting data as triggers for various events. Alas, this facility seems much less complete than on switches and routers, as one item I'm interested in trapping is the 'end' of an ASDM session. While 'starts' are captured, there seems to be nothing to signal a 'stop' (i.e. 'disc-cause' or similar).
I'm trying to find an alternate method of capturing this (recognizing that an RFF would be the proper approach), though even that seems a challenge: I haven't yet come across any SNMP-pollable MIB to identify what sessions exist, nor have I seen that any traps are available.
The CLI 'show asdm sessions' produces the target list, while using this method feels even more clunky than having to poll a MIB/look for a trap/log, etc.
Can anyone corroborate that this is the only alternative, or have I overlooked something in the MIBs?