We’re currently (and have been) able to log VPN access through our firewall for our IPSEC clients via RADIUS in MS Internet Authentication Service (IAS) on our domain controller. However, moving forward with LDAP authentication, we need a replacement for this functionality. We need to log account, IP address, start and stop times. I’ve done a quick Internet search of ASA Logging (VPN) without success. I’ve also tried to find a place to configure this in ASDM on the ASA without success. Is this possible without 3rd party software via ASDM? If not, what scripting or 3rd party tools would you recommend?
There are two vehicles available for logging user sessions. The method that makes most sense is to continue to use RADIUS accounting. This can be used even if the authentication method is no longer RADIUS. The other option is to leverage syslog for this purpose, but that is a lot less desirable as normal commercial products will not parse these syslog messages into a useful format for running reports.
Hope this helps!
Syslog-ng can be used for capturing syslog, and you can use scripts to pull information out of general logs into a usable format; this requires some basic Linux scripting ability. Solarwinds Kiwi Syslog is a Windows-based tool that has some basic filtering and is more of a point-and-click GUI.
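As an added example of the scripting approach above (not code from anyone in this thread), assuming ASA syslog is already landing in a file via syslog-ng: a small Python parser that pulls account, public IP, start and stop times out of ASA session messages. The sample log lines are constructed, and the %ASA-6-113039 (session start) and %ASA-4-113019 (session disconnect) message formats are assumed from memory of the standard ASA syslog messages, so check them against your own ASA output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample ASA syslog lines (host, users, addresses, times are made up).
# The formats follow the standard %ASA-6-113039 (session start) and %ASA-4-113019
# (session disconnect) messages as I know them; verify against your own ASA output.
SAMPLE_LOG = """\
Mar 12 2013 09:15:02 asa1 %ASA-6-113039: Group <RA-VPN> User <jsmith> IP <203.0.113.45> AnyConnect parent session started.
Mar 12 2013 10:02:44 asa1 %ASA-4-113019: Group = IPSEC-RA, Username = adoe, IP = 198.51.100.23, Session disconnected. Session Type: IPsec, Duration: 0h:47m:10s, Bytes xmt: 5000, Bytes rcv: 2000, Reason: User Requested
Mar 12 2013 11:40:17 asa1 %ASA-4-113019: Group = RA-VPN, Username = jsmith, IP = 203.0.113.45, Session disconnected. Session Type: SSL, Duration: 2h:25m:15s, Bytes xmt: 18234, Bytes rcv: 9021, Reason: User Requested
Mar 12 2013 12:00:00 asa1 %ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.9/443 (198.51.100.9/443) to inside:10.1.1.5/52811 (10.1.1.5/52811)
"""

TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})")
START_RE = re.compile(r"%ASA-6-113039: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<ip>[^>]*)>")
STOP_RE = re.compile(r"%ASA-4-113019: Group = (?P<group>[^,]*), Username = (?P<user>[^,]*), IP = (?P<ip>[^,]*), "
                     r"Session disconnected\. Session Type: (?P<stype>[^,]*), Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s")

def parse_line(line):
    """Return (timestamp, 'start'|'stop', fields) for a VPN session message, else None."""
    ts_m = TS_RE.match(line)
    if not ts_m:
        return None
    ts = datetime.strptime(ts_m.group("ts"), "%b %d %Y %H:%M:%S")
    if m := START_RE.search(line):
        return ts, "start", m.groupdict()
    if m := STOP_RE.search(line):
        f = m.groupdict()
        f["duration_s"] = int(f.pop("h")) * 3600 + int(f.pop("m")) * 60 + int(f.pop("s"))
        return ts, "stop", f
    return None  # not a session start/stop message (e.g. ordinary connection logs)

def build_sessions(lines):
    """Pair start/stop messages per (user, public IP) into accounting records.
    IPsec clients produce no 113039 start line, so when no start was seen the
    start time is derived from the Duration field of the disconnect message."""
    open_sessions, sessions = {}, []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, f = parsed
        key = (f["user"], f["ip"])
        if event == "start":
            open_sessions[key] = ts
            continue
        start = open_sessions.pop(key, None) or ts - timedelta(seconds=f["duration_s"])
        sessions.append({"user": f["user"], "ip": f["ip"], "group": f["group"], "type": f["stype"],
                         "start": start, "stop": ts, "duration_s": f["duration_s"]})
    return sessions
```

Feed it the real syslog-ng output file instead of SAMPLE_LOG and write the returned records to CSV for the reports you need.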
You could also deploy AD Agent (AD_Agent) and configure your ASA for Identity Firewall.
This would allow mapping of user to IP, and you could then correlate RADIUS Start/Stop with the Identity FW logs.
For information, just Google "ASA Identity Firewall with AD Agent".