I am running ACS 3.3(4) and a VPN Concentrator 3000. The VPN accepts IPSec or SSL VPN connections. The VPN also authenticates users via RADIUS on the ACS server.
Usually when someone authenticates on the VPN, or anywhere else for that matter, the source IP address (caller-ID) is recorded in the Passed Authentications log. I have noticed that when users use the SSL VPN, that caller-ID or source IP is not recorded. Does anyone know why this is and how I can fix it? I really like having the source IP in those passed authentication logs; that way I know where they are establishing their sessions from.
Re: No caller ID in ACS Passed Authentication logs
If appropriate levels of AAA logging are enabled on the RAS/NAS devices and/or ACS server then the use of Downloadable IP ACL names as user names may be clearly identified. AAA log entries for the RAS/NAS device as well as "passed authentication" log entries on the ACS server would indicate that a user with a username based on a Downloadable IP ACL requested and was granted network access.