Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

monitoring user sessions in a pix-vpn client enviornment


I am using a Cisco pix 515 as my VPN gateway (instead of a concentrator) to which users connect using the cisco vpn client . The users authentication is being done with the help of a Windows 2000 IAS. In concentrator i could see the details of the connected user sessions like Windows username, the IP address allocated to the client and the log in time ..

When using a Pix will i be able to get these details. If I issue the command

sh ip local pool <pool name> i can see the no:of addresses allocated to the clients and the address.

But is there a way to see the nae of the logged in user and the IP assigned to him.




Re: monitoring user sessions in a pix-vpn client enviornment


You can configure Accounting on Win2K IAS RADIUS server/PIX, and then parse the log files from RADIUS server to grab the same info. as you see under VPN3K monitoring->system status.



New Member

Re: monitoring user sessions in a pix-vpn client enviornment


Thanks for that feedback..but does this require any configuration on the pix side?

Like do i have to configure AAA or something of that sort on the pix?

Or do you mean to just get the details of IAS server logs. Could you be more

clear? Also please give me some links or docs helpful in doing this.



New Member

Re: monitoring user sessions in a pix-vpn client enviornment

I'm running into a similar problem. I have a group of users who use the VPN client and connect into a PIX 515 running 6.2(1). The users are authenticated off of a UNIX based RADIUS server with xauth.

My only problem is that the PIX doesn't send the proper accounting messages to the RADIUS server indicating the stop times or IP Addresses for the connections.

The RADIUS server only records the start time of the session.

I thought this might be because Cisco was using certain vendor specific RADIUS attributes to send the data, but even with the RADIUS server logging all data it receives, it doesn't show up.

I enabled aaa accounting on the PIX, but it was only sending data to the RADIUS server concerning the start/stop times for TCP connections initiated from LAN users (my xauth data didn't show up because I have 'sysopt permit pl-compatible' enabled).

As a semi work around, Jimmy, you should be able to see which users is using which IP Address via the 'show uauth' command... but I have yet to find a way to correctly log this information for the purpose of auditing network connections and activity.



CreatePlease to create content