Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How can enable log on ASA 5510 for VPN client access?

Dear All,

i have ASA 5510 and i was configur VPN client already but i want to see log when my client connect VPN client ?

How can i know information when they connect? i just to know that we can enable log on ASA but when we enable log all information come but i want to know on client access into ASA?

Best Regards,

Rechard

3 REPLIES

Re: How can enable log on ASA 5510 for VPN client access?

Rechard,

Browsing the community I found this:

You can send all the syslog messages for remote vpn client only to your syslog server as follows:

logging list vpn-log level debugging class vpnc
logging trap vpn-log

OR/ alternatively, if you know exactly which syslog messages you are after, you can configure it this way:

logging list vpn-list message 611101

logging trap vpn-list

The vpn client syslog is within the 611xxx range, and here is the syslog for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4774570

Hope that helps.

Federico.

New Member

Re: How can enable log on ASA 5510 for VPN client access?

Dear Federico.

you mean that when i apply command as below, so i can see my user connect to ASA right?

logging list vpn-log level debugging class vpnc
logging trap vpn-log

Best Regards,

Rechard

Re: How can enable log on ASA 5510 for VPN client access?

Well, that example show enabling the logs to be sent to a syslog server.

You can check your logs on a syslog server (recommended), or in the buffer on the ASA itself for example.

Either way, the idea is to enable only the logs particularly to the VPN clients which are in the range mentioned.

Here are two examples:


611307

Error Message    %PIX|ASA-6-611307: VPNClient: Head end : IP_address
Explanation    The VPN client is connected to the specified headend.

611309

Error Message    %PIX|ASA-6-611309: VPNClient: Disconnecting from head end and
uninstalling previously downloaded policy: Head End: IP_address

Explanation    A VPN client is disconnecting and uninstalling a previously installed policy.

Federico.

4670
Views
0
Helpful
3
Replies