Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
dilip
dilip
Community Member
‎09-18-2000 06:50 AM
‎09-18-2000 06:50 AM

VPN Audit

I have set up a VPN tunnel, using IPSEC, between 2 sites using the Internet as the backbone. I am using a Cisco 7200 and Cisco 3640 to form the VPN tunnel.

Questions:

1.Is it possible to restrict the number of users using this VPN tunnel to access the resources in the main site.I am currently emplying NAT to do this. But is there a better solution.

2. Can I audit the users using the VPN tunnel.

Thanks in advance!

0 Helpful
Reply
5 REPLIES
a-vazquez
a-vazquez Silver
Silver
‎09-29-2000 01:42 PM
‎09-29-2000 01:42 PM

Re: VPN Audit

1. It's possible to use your AAA server to "authorize" only specific users access to the other site.

2. What type of auditing are you looking to do? You can have your AAA server do some accounting as well.

0 Helpful
Reply
flybird
flybird
Community Member
‎10-02-2000 07:13 AM
‎10-02-2000 07:13 AM

Re: VPN Audit

Could you give me a sample how to configure authorizing and accounting?

Thanks.

0 Helpful
Reply
ptroyer
ptroyer
Community Member
‎11-10-2000 10:25 AM
‎11-10-2000 10:25 AM

Re: VPN Audit

Here are the entries for AAA that I have in my 2600 that is used as a RAS server. The last line is the one that gives me accounting entries for Start Stop and bytes transferred, etc. These entries will not work for a PIX. Does anyone have the entries necessary to do accounting through AAA on a PIX VPN solution?

aaa new-model

aaa authentication login default tacacs+ local

aaa authentication ppp default if-needed tacacs+

aaa authorization network default tacacs+

aaa accounting network default start-stop tacacs+

0 Helpful
Reply
lisa.hall
lisa.hall
Community Member
‎11-17-2000 07:19 AM
‎11-17-2000 07:19 AM

Re: VPN Audit

The Syntax is very different on the PIX. Use the ’aaa accounting include’ command with the ‘acctg_service’ option. With ‘acctg_service’ you can specify the protocol/port for accounting. The default of any only runs accounting output on all TCP services. To get accounting for esp or udp and other protocols you must specify them verbatim.

0 Helpful
Reply
lisa.hall
lisa.hall
Community Member
‎11-17-2000 07:13 AM
‎11-17-2000 07:13 AM

Re: VPN Audit

One option you have is to restrict users via your access-list if you don’t want them using tunneling. If your concern is too many users using tunneling at one time I’d look into doing some traffic shaping and queuing with QoS. I know IOS has that capability. I haven’t had to do any of that on my network but maybe someone else here has.

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
445
Views
0
Helpful
5
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
75
36
75
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
25
2
25
All Blogs