Cisco Support Community
Community Member

Logging VPN clients

I have an ASA 5510 Security Plus appliance which has VPN enabled. How can I do logging of clients that have VPN'd into my network or have failed to VPN in?

Thanks

3 REPLIES

Re: Logging VPN clients

Best is to set up a syslog server to capture logs, or set up an FTP server for the same purpose. If you want specific log IDs, such as VPN client connections, you may filter by using the Event List feature under the firewall management logging section; configure an Event class to filter on specific message events such as vpn, IKE, IPsec connections, webvpn, etc.

Working with message logging - see logging host for syslog server setup or logging ftp-server

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1736463

Event list logging filtering - logging in general

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/cfglog.html

Rgds

-Jorge

Community Member

Re: Logging VPN clients

My ASA firewall logging setup is by syslog ID. Do you know what is the syslog ID associated with VPN so that I can enable it?

Re: Logging VPN clients

Look in the message ID ranges from 701001 to 732003, like 731052, 713056, 713060, 713061; there could be more. What I would suggest is to have a user connect via VPN and look at the ASDM log when the user connects: take a look at the real-time ASDM log and take note of the syslog ID# in the syslog ID column. You may also ask the user to purposely fail the user password when connecting so that you can capture the syslog ID number for reference.

System log messages

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

Syslog messages by code

http://www.cisco.com/en/US/products/ps6120/products_system_message_guides_list.html

HTH

-Jorge

PLS rate any helpful posts
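The procedure suggested in the reply above (capture the log while a test user connects and deliberately fails, then note which syslog IDs appear) can be scripted against a saved syslog capture. This is an added example, not part of the original posts: the sample log lines, their severities and message text are constructed, and the list name `VPN-EVENTS` is a hypothetical name chosen here.

```python
import re

# Message ID range quoted in the reply above.
VPN_ID_RANGE = (701001, 732003)

# ASA syslog tag: %ASA-<severity 0-7>-<six-digit message ID>: <text>
ASA_TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")

# Constructed capture from a test connection; message text is placeholder only.
SAMPLE_LOG = [
    "Mar 01 2009 10:15:01: %ASA-6-302013: (constructed text) connection built",
    "Mar 01 2009 10:15:02: %ASA-5-713056: (constructed text) test user tunnel event",
    "Mar 01 2009 10:15:03: %ASA-3-713061: (constructed text) test user tunnel rejected",
    "Mar 01 2009 10:16:40: %ASA-3-713061: (constructed text) test user tunnel rejected",
    "Mar 01 2009 10:16:41: %ASA-4-106023: (constructed text) packet denied",
    "Mar 01 2009 10:16:42: %ASA-6-7130 (constructed, truncated line)",
]

def vpn_message_ids(lines, id_range=VPN_ID_RANGE):
    """Tally message IDs inside id_range: {id: {count, severity, sample}}."""
    low, high = id_range
    seen = {}
    for line in lines:
        m = ASA_TAG.search(line)
        if not m:
            continue  # not an ASA message, or a truncated line
        msg_id = int(m.group("id"))
        if not low <= msg_id <= high:
            continue  # outside the range being investigated
        entry = seen.setdefault(msg_id, {"count": 0, "severity": int(m.group("sev")),
                                         "sample": m.group("text")})
        entry["count"] += 1
    return dict(sorted(seen.items()))

def logging_list_commands(ids, list_name="VPN-EVENTS"):
    """Build one ASA 'logging list' line per observed ID (list name is hypothetical)."""
    return [f"logging list {list_name} message {msg_id}" for msg_id in sorted(ids)]

if __name__ == "__main__":
    found = vpn_message_ids(SAMPLE_LOG)
    for msg_id, info in found.items():
        print(msg_id, "severity", info["severity"], "seen", info["count"], "time(s)")
    print("\n".join(logging_list_commands(found)))
```

The generated `logging list` lines define the event list on the ASA; it only takes effect once it is referenced by a logging destination such as `logging trap`.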
