I'd like to be able to log when a user connects/disconnects to our IPSec VPN running on a Cisco 2821 router. Can anyone point me in the right direction?
Syslog would certainly do it. You would then have to filter your syslog on the event, but it's do-able (and cheap). I would assume that Cisco Security Manager could do it, but that might be too expensive for your environment.
I'm assuming you are running ezvpn on the router. If that's the case, you could probably use the "crypto logging ezvpn group" command to log user sessions. If you are also using an external AAA server for user authentication, you could also use aaa accounting for this purpose as well.
Thanks guys, I've got logging directed at a syslog server. Wen, you're right, we are using ezvpn, alongside an IPSec VPN for unix clients. I'll give "crypto logging ezvpn group" a shot, is there something similar for the IPSec half?
