12-11-2006 03:20 AM - edited 02-21-2020 01:20 AM
Hi,
Requirement:
I want to parse & analyze the Cisco VPN 3000 Concentrator logs and provide the report for the happenings using the log.
Issue:
I am able to get the traffic split up for Cisco Pix501 through its logs for the VPN connections. But in Cisco3000VPN Concentrator, I am not able to get the traffic details for any PPTP/IPSec connections. It simply provides the overall traffic log when the session is closed. For example below is my traffic log,
<189>14014 07/23/2004 19:16:24.640 SEV=4 AUTH/28 RPT=41 192.168.101.41 User [sarav] Group [Base Group] disconnected: Session Type: PPTP Duration: 0:16:37 Bytes xmt: 216 Bytes rcv: 38023 Reason: User Requested
My Question:
Is there any configuration/solution available to get the live traffic [traffic split up] through that VPN connection for Cisco3000VPN Concentrator?
Please help me in getting this issue resolved.
Thanks to all helping me to resolve the issue.
Thanks.
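For reporting on the per-session summary the Concentrator does emit, the disconnect record quoted in the post above can be parsed and totalled per user. This is an added example, not part of the original thread or any Cisco tooling; the field layout is inferred from that single sample line, and the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout inferred from the one sample line in the post; other event classes or firmware may differ.
DISCONNECT_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<seq>\d+) "
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"SEV=(?P<sev>\d+) (?P<event>[A-Z0-9]+/\d+) RPT=(?P<rpt>\d+) "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}) "
    r"User \[(?P<user>[^\]]*)\] Group \[(?P<group>[^\]]*)\] disconnected: "
    r"Session Type: (?P<session_type>\S+) "
    r"Duration: (?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}) "
    r"Bytes xmt: (?P<xmt>\d+) Bytes rcv: (?P<rcv>\d+) "
    r"Reason: (?P<reason>.+?)\s*$"
)

def parse_disconnect(line):
    """Return a dict for a session-disconnect record, or None for any other line."""
    m = DISCONNECT_RE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    pri = int(g["pri"])  # syslog PRI = facility * 8 + severity
    return {
        "facility": pri // 8, "syslog_severity": pri % 8,
        "event": g["event"], "peer": g["peer"],
        "user": g["user"], "group": g["group"],
        "session_type": g["session_type"],
        "duration_s": int(g["h"]) * 3600 + int(g["m"]) * 60 + int(g["s"]),
        "bytes_xmt": int(g["xmt"]), "bytes_rcv": int(g["rcv"]),
        "reason": g["reason"],
    }

def per_user_totals(lines):
    """Sum session count, duration and byte counters per user, skipping other lines."""
    totals = defaultdict(lambda: {"sessions": 0, "duration_s": 0, "bytes_xmt": 0, "bytes_rcv": 0})
    for line in lines:
        rec = parse_disconnect(line)
        if rec is None:
            continue
        totals[rec["user"]]["sessions"] += 1
        for k in ("duration_s", "bytes_xmt", "bytes_rcv"):
            totals[rec["user"]][k] += rec[k]
    return dict(totals)

SAMPLE = [  # first line is the one from the post; the other two are constructed
    "<189>14014 07/23/2004 19:16:24.640 SEV=4 AUTH/28 RPT=41 192.168.101.41 User [sarav] Group [Base Group] disconnected: Session Type: PPTP Duration: 0:16:37 Bytes xmt: 216 Bytes rcv: 38023 Reason: User Requested",
    "<189>14015 07/23/2004 21:00:05.120 SEV=4 AUTH/28 RPT=42 192.168.101.41 User [sarav] Group [Base Group] disconnected: Session Type: IPSec Duration: 1:00:03 Bytes xmt: 1000 Bytes rcv: 2000 Reason: User Requested",
    "<189>14016 07/23/2004 21:00:06.000 constructed line that is not a disconnect record",
]
```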
12-18-2006 07:50 AM
Enable split tunneling on the VPN Concentrator.
Navigate to Configuration > Traffic Management > Policy Management > Network Lists and create a network list to define the traffic you want to pass across the tunnel.
Go to Configuration > User Management > Groups, select the group and click MODIFY.
Click the Mode/Client Config tab, and set up the split tunneling.
Point the VPN Concentrator's tunnel default gateway to a router on the inside. Access this setting by navigating to Configuration > System > IP Routing > Default Gateways
12-19-2006 06:26 AM
Hi Thomas,
Thank you for your prompt reply. My problem is not yet resolved after following your configuration changes. Split tunneling allows me to reach other LAN networks which are not configured in Cisco VPN Concentrator as local proxy server.
My environment is like the one below: the user can connect through the Cisco VPN Concentrator to reach the 192.168.230.0 network. After connecting through the VPN Client, I can Telnet & FTP to one of the machines, 192.168.230.120. But the Telnet & FTP transaction logs are still not printed in the logs. It only gives the consolidated Sent & RCVD bytes when I disconnect the client.
Hope my requirement is clear now. Please help me in getting the logs that i need.
Thanks.
12-26-2006 10:53 AM
Hi,
I think you know that there are several levels of logging to your log server, starting I think from 0 through 7; I think the last one is debugging. If you enable the last one you will get everything under that number, i.e. logging level 7 also gives you 6 5 4..1, but if you log 2 you will get 2 1.. and not 3 4 5 6... So try to do some research on that subject and enable the appropriate one; I think you will get all your logging.
HTH
Pls do rate the post if it does help
01-04-2007 01:45 PM
You get the details from the Pix logs not because of VPN functionality but because the Pix is a stateful device that manages and logs each and every session.
The VPN 3000 is not stateful or session aware. The best you could do is provide packet level logging, but this would generate enormous log files that would need to be statistically analyzed to provide useful information.
Your best options are to run their traffic through a Pix firewall for the session logging, use the first hop router inside the network that can provide Netflow export for analysis, or use a probe to monitor the traffic that can discern the individual flows. For the last two, ntop can analyze netflow of mirrored sessions to provide protocol analysis by src/dest IP, top protocols used, etc.
-Shannon
01-07-2007 02:10 AM
Hi,
You should enable accounting on your VPN Concentrator to a Radius Server.
This will not affect the authentication or normal access of the clients.
Please rate if this helped.
Regards,
Daniel