In order to identify unauthorized access, you have to have:
1) any user identified (in some way or another - by IP address, username, etc.).
2) you have to have some way to track that.
The normal way that I would recommend is to use AAA, i.e. if you set up authentication for all interfaces through which you allow a shell session (vty and console, for instance), and then also set up accounting, then you can monitor all authentication attempts (successful and failed) in your AAA logs.
You will need an AAA server like ACS. If you need just the real basics, Windows servers have a built-in RADIUS server (IAS) that you could use.
A crude alternative, if you were just concerned about telnet, is to put in a "permit" ACL that allows telnet. On the end of the ACL you would use the keyword "log" and then set up logging on your router. The result would be that any traffic that matched that ACL entry for telnet would generate a syslog. You have to decide how you would want to craft your ACL entry so that the information is useful. Also, if this is your only ACL on that interface, don't forget about the explicit deny any at the end of the ACL.
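An added example, not part of the original post: one way to make the syslog messages from the "log" ACL entry useful is to parse them and list telnet hits from sources outside the expected management range. The ACL number 101, the management subnet 10.1.1.0/24 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP format (not real traffic).
SAMPLE_LOG = """\
Mar  1 10:02:11 rtr1 45: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.25(50122) -> 10.0.0.1(23), 1 packet
Mar  1 10:05:40 rtr1 46: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(41873) -> 10.0.0.1(23), 1 packet
Mar  1 10:10:41 rtr1 47: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(41873) -> 10.0.0.1(23), 4 packets
Mar  1 10:11:02 rtr1 48: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.25(50130) -> 10.0.0.1(80), 1 packet
Mar  1 10:12:00 rtr1 49: %SYS-5-CONFIG_I: Configured from console by console
"""

# Matches the message body produced by an ACL entry that ends in "log".
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_hits(text):
    """Yield one dict per ACL log message; unrelated syslog lines are skipped."""
    for line in text.splitlines():
        m = ACL_HIT.search(line)
        if m:
            yield m.groupdict()

def unexpected_telnet_sources(text, mgmt_nets, acl="101"):
    """Return {source_ip: logged_packet_count} for telnet (tcp/23) hits on the
    given ACL whose source is outside the management networks (assumed values)."""
    nets = [ip_network(n) for n in mgmt_nets]
    hits = Counter()
    for h in parse_acl_hits(text):
        if h["acl"] != acl or h["proto"] != "tcp" or h["dport"] != "23":
            continue
        src = ip_address(h["src"])
        if not any(src in n for n in nets):
            hits[h["src"]] += int(h["count"])
    return dict(hits)

if __name__ == "__main__":
    for src, pkts in unexpected_telnet_sources(SAMPLE_LOG, ["10.1.1.0/24"]).items():
        print(f"telnet from non-management source {src}: {pkts} logged packets")
```

The ACL log only records the source address and packet counts, so it shows who connected to the telnet port, not whether a login succeeded; that detail comes from the AAA accounting records.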