09-24-2009 07:44 AM - edited 03-10-2019 04:42 PM
Is there a way to log when users login and out of the VPN? I know with ASDM you can see currently logged on users and other stats about the sessions in progress but I need to verify if someone says "I was logged in last night working" than in fact they were. We are doing AD authentication and the IAS server logs minimal data but the time stamps don't give times logged in. It will show user logging in and then logging off at the same time. Any ideas?
09-24-2009 08:12 AM
Hi,
Since you are using IAS server you need to configure your IAS server to track accounting information (such as logon and logoff records) to maintain records for billing purposes.
Here is a MS article to configure the same on IAS:
http://technet.microsoft.com/en-us/library/cc783783(WS.10).aspx
On the ASA, this is what you need:
Go to the tunnel-group and add this command
accounting-server-group
If you want to see online users, you may run this command on the CLI:
Show vpn-sessiondb webvpn
HTH
Regards,
JK
09-24-2009 10:30 AM
Thanks. Question on the ASA command. Do I just go into config mode and type "tunnel-group accounting-server-group"? Or just replace that with the actual group name?
09-24-2009 10:37 AM
Hi,
To specify the aaa-server group for sending accounting records, use the accounting-server-group
command in tunnel-group general-attributes configuration mode. for which your users are connecting and you want accounting start-stop records.
Like this:
hostname(config)# tunnel-group xyz general
hostname(config-general)# accounting-server-group aaa-server123
HTH
Regards,
JK
09-24-2009 11:47 AM
ah, thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide