Solved: VPN Audit trail

Mohammed Faiz Mohiuddin · ‎09-15-2013

Dear Netpro Friends,

I am using Cisco ACS 5.1 to authenticate our VPN users who connect to our different servers. Some users connect to Databse, some connect to web services etc. Is there a feature or function withing ACS to audit trail the users to keep track of what they did while they were connected. If not then please guide me which third party device or software to use for this.

Thanks and Regards

Faiz

Peter Koltl · ‎09-17-2013

You can use Balabit Shell Control Box to record all activity

View solution in original post

maldehne · ‎09-15-2013

Anything related to tracking using AAA architecture should be done through Accounting.

Accounting records and the details included depends on the impelementation of your AAA client.

You need to know the capabilities of your AAA client and direct the records to your ACS where you can

view the contents and look if they have what you are looking for or not.

--------------------------------------------------------------------------------------

Please make sure to rate correct answers

Mohammed Faiz Mohiuddin · ‎09-15-2013

Hi Maldehne,

Thanks for your post. Is there any specific third party vendors who do this kind of Audit Trailing for VPN activity or any such remote access monitoring.

Regards

Faiz

Jatin Katyal · ‎09-16-2013

With Radius accounting configured under the tunnel-group, all you can see "START" and "STOP" Packet like when user authenticated succssfully and when he disconnected gracefully.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Mohammed Faiz Mohiuddin · ‎09-16-2013

Hi Jatin,

Thanks for the reply. But I was looking for something very granular. I was wondering if we can monitor and report about where and what the VPN user did after connecting remotely. After connecting remotely most of our users RDP to systems, HTTP / HTTPS to systems etc.

Regards

Faiz

Peter Koltl · ‎09-17-2013

You can use Balabit Shell Control Box to record all activity