We hope to enable network access authentication on my ASA firewall to allow user access to Internet after authentication. Can ASA provide either the network access log with user information or user-IP mapping information?
When I was logging VPN access on an ASA I used a syslog server. I can't remember exactly what information it showed, but I know the ASA shows the IP address assigned to the user when they log into the VPN. Is that what you are looking for or do you want to have people authenticate a second time to be able to access the internet after authenticating to the VPN?
We hope intranet user must authenticate before access to Internet, and keep network access log for intranet user with userid information, not only IP address.
Unfortunately I don't think this is possible, but I could be wrong. The only thing that I could think of doing is setting up a web proxy and using the ASA to point VPN users to that. Then you could require login and get detailed reports on each users, which something I am almost certain you will not get out of the ASA. Some open source ones to look into are Squid and Untangle. I personally have used Untangle before and it is not bad for free software, but I have not used it as a proxy or to require a login so I can't be much more help. Good luck finding a solution that works for you and if you find something that works on the ASA I would be interested in knowing what it was.