03-17-2020 04:43 AM
We have an ASA 5506 v9.10 configured to allow Cisco AnyConnect VPN connections for any user within AD that is a member of the VPN security group. Although I can monitor live VPN connections using the ASDM (7.13), I need to be able to view VPN session connects and disconnects going back a week or so. Is this possible, and if so, can anyone shed some light on how to go about this please? I've searched online and only found old URLs from around 9 years ago giving example IDs from syslog which do not appear to be valid anymore. Thanks in advance!
03-17-2020 05:05 AM
Hi,
If you wish to use syslog to identify logon and logoff events, refer to this post here. It describes how to configure and lists the syslog messages for logon and log events. Correlate that with this ASA 9.10 syslog messages guide.
Alternatively, you could use a RADIUS server to authenticate the users; this will log the connections and enable you to easily run reports.
HTH
03-17-2020 06:30 AM
Hi,
If you want to see AnyConnect session connects and disconnects, you can achieve this via RADIUS accounting or syslog messages. For syslog messages, use the classes of "vpn", "svc", and "webvpn" and send them to syslog:
logging class webvpn trap debugging
logging class svc trap debugging
logging class vpn trap debugging
For RADIUS accounting, define your RADIUS servers, and configure "accounting-server-group" pointing to your RADIUS server, under the tunnel-group.
Regards,
Cristian Matei.
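An added example, not part of the replies above: once the webvpn class is reaching a syslog server, a short script can turn the stored log into a connect/disconnect history. It assumes `logging timestamp` is enabled and that session start and end appear as messages 716001 and 716002 in the layout shown; the sample lines, host name, group, users and addresses are constructed.

```python
import re
from datetime import datetime

# Assumed line layout: "logging timestamp" date, then the text of messages
# 716001 (session started) and 716002 (session terminated: reason).
EVENT = re.compile(
    r"(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*%ASA-6-(?P<id>71600[12]): "
    r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<ip>[^>]*)> "
    r"WebVPN session (?:started|terminated: (?P<reason>.*?))\.?\s*$")

# Constructed sample log: host name, group, users and addresses are made up.
SAMPLE_LOG = """\
Mar 16 2020 08:01:12 asa01 : %ASA-6-716001: Group <GroupPolicy_VPN> User <jdoe> IP <198.51.100.23> WebVPN session started.
Mar 16 2020 08:01:13 asa01 : %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.23/50211 (198.51.100.23/50211) to identity:203.0.113.1/443 (203.0.113.1/443)
Mar 16 2020 09:15:40 asa01 : %ASA-6-716001: Group <GroupPolicy_VPN> User <asmith> IP <198.51.100.77> WebVPN session started.
Mar 16 2020 17:32:05 asa01 : %ASA-6-716002: Group <GroupPolicy_VPN> User <jdoe> IP <198.51.100.23> WebVPN session terminated: User Requested.
"""

def parse_events(text):
    """Return connect/disconnect events in log order; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "connect" if ev.pop("id") == "716001" else "disconnect"
            ev["ts"] = datetime.strptime(" ".join(ev["ts"].split()), "%b %d %Y %H:%M:%S")
            events.append(ev)
    return events

def pair_sessions(events):
    """Match each disconnect to the open connect for the same user and IP."""
    open_by_key, sessions = {}, []
    for ev in events:
        key = (ev["user"], ev["ip"])
        if ev["kind"] == "connect":
            open_by_key[key] = ev["ts"]
        else:  # start is None when the connect predates the log
            sessions.append({"user": ev["user"], "ip": ev["ip"], "end": ev["ts"],
                             "start": open_by_key.pop(key, None), "reason": ev["reason"]})
    for (user, ip), start in open_by_key.items():  # still connected at end of log
        sessions.append({"user": user, "ip": ip, "start": start, "end": None, "reason": None})
    return sessions

if __name__ == "__main__":
    for s in pair_sessions(parse_events(SAMPLE_LOG)):
        print(s["user"], s["ip"], s["start"], s["end"], s["reason"])
```

Sessions with `end` set to `None` were still connected at the end of the log; a `start` of `None` means the connect happened before the log begins.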
03-30-2020 03:24 AM