monitoring user sessions in a pix-vpn client enviornment
I am using a Cisco pix 515 as my VPN gateway (instead of a concentrator) to which users connect using the cisco vpn client . The users authentication is being done with the help of a Windows 2000 IAS. In concentrator i could see the details of the connected user sessions like Windows username, the IP address allocated to the client and the log in time ..
When using a Pix will i be able to get these details. If I issue the command
sh ip local pool <pool name> i can see the no:of addresses allocated to the clients and the address.
But is there a way to see the nae of the logged in user and the IP assigned to him.
Re: monitoring user sessions in a pix-vpn client enviornment
I'm running into a similar problem. I have a group of users who use the VPN client and connect into a PIX 515 running 6.2(1). The users are authenticated off of a UNIX based RADIUS server with xauth.
My only problem is that the PIX doesn't send the proper accounting messages to the RADIUS server indicating the stop times or IP Addresses for the connections.
The RADIUS server only records the start time of the session.
I thought this might be because Cisco was using certain vendor specific RADIUS attributes to send the data, but even with the RADIUS server logging all data it receives, it doesn't show up.
I enabled aaa accounting on the PIX, but it was only sending data to the RADIUS server concerning the start/stop times for TCP connections initiated from LAN users (my xauth data didn't show up because I have 'sysopt permit pl-compatible' enabled).
As a semi work around, Jimmy, you should be able to see which users is using which IP Address via the 'show uauth' command... but I have yet to find a way to correctly log this information for the purpose of auditing network connections and activity.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :