I know I can control access to a VPN using ACL and restrict client and protocols, is there a way I can get it to require a user to enter a username/password and log this to syslog when they use a tunnel?
It is possible with vpn 3002 concentrator running minimum 3.5. codes. So, I believe this explanation in vpn 3002 concentrator will be helpful for you also in the 1841 router.
In vpn 3002 concentrator, Under "Client Hardware parameters tab" , there is an option called "Require Individual User Authentication" . Check the "Require Individual User Authentication" check box to enable individual user authentication.
Individual user authentication protects the central site from access by unauthorized persons on the same LAN as the VPN 3002.
When you enable individual user authentication, each user that connects through a VPN 3002 must open a web browser and manually enter a valid username and password to access the network behind the VPN Concentrator, even though the tunnel already exists.
You cannot use the command-line interface to log in if user authentication is enabled.
You must use a browser.
If you have a default home page on the remote network behind the VPN Concentrator, or direct the browser to a website on the remote network behind the VPN Concentrator, the VPN 3002 directs the browser to the proper pages for user login. When you successfully log in, the browser displays the page you originally entered.
If you try to access resources on the network behind the VPN Concentrator that are not web-based, for example, email, the connection will fail until you authenticate.
To authenticate, you must enter the IP address for the private interface of the VPN 3002 in the browser Location or Address field. The browser then displays the login screen for the VPN 3002. Click the Connect/Login Status button to authenticate. One user can log in for a maximum of four sessions simultaneously.
Individual users authenticate according to the order of authentication servers that you configure
for a group. To configure authentication servers for individual user authentication, see the sections,
Configuration | User Management | Base Group/Groups | Authentication Servers | Add/Modify
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...