Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Reporting failed logins

How can I report on failed login attempts through our ASA 5515's using AnyConnect?

1 REPLY
Cisco Employee

Reporting failed logins

Michael,

In practical terms, ASA has limited capabilities to store this kind of information.

The best way to check this is on the AAA server you're using or by filtering syslogs.

ASA itself will store counters of how many authentications took place, how many succeeded etc. on a per-server basis.

Even the local server will store some info.

Example:

ASA# show aaa-server

Server Group:    LOCAL

Server Protocol: Local database

Server Address:  None

Server port:     None

Server status:   ACTIVE, Last transaction at 14:07:19 UTC Thu Oct 3 2013

Number of pending requests              0

Average round trip time                 0ms

Number of authentication requests       16888

Number of authorization requests        0

Number of accounting requests           0

Number of retransmissions               0

Number of accepts                       13

Number of rejects                       16875

Number of challenges                    0

Number of malformed responses           0

Number of bad authenticators            0

Number of timeouts                      0

Number of unrecognized responses        0

Best place to get details are your syslogs and AAA server reports.

Syslog messages:

http://www.cisco.com/en/US/docs/security/asa/syslog-guide/logmsgs.html

M.

230
Views
0
Helpful
1
Replies
CreatePlease login to create content