03-27-2012 11:23 PM - edited 03-11-2019 03:47 PM
Hi Guys,
I see that 113011 message id log shows user specific group policy. what is the difference between these two log?
But i see they have different name. 113009 also shows vpn group name which is assigned to that particular user.
<166>Apr 12 2011 20:29:33 AWT-AA : %ASA-6-113011: AAA retrieved user specific group policy (AWA-VPN-GP02) for user = ktakeuchi
<166>Apr 12 2011 20:29:33 AWT-AA : %ASA-6-113009: AAA retrieved default group policy (NOACCESS) for user = ktakeuchi
Regards,
M.Viswesh.
04-01-2012 07:51 AM
http://www.cisco.com/en/US/partner/docs/security/asa/asa82/system/message/logmsgs.html#wp4769477
Here's the syslog explain , you can refer to .
they are same meaning ... i also don't know why so design.
04-02-2012 08:53 AM
Hi Zhongyu,
So which message id I should believe? It is a very critical information for log reporting. I am unable to open the link you have provided, it says forbidden.
Regards,
M.Viswesh
04-02-2012 07:11 PM
113009
Error Message %ASA-6-113009: AAA retrieved default group policy policy for user user
Explanation This message may be generated during the authentication or authorization of an IPSec or WebVPN connection. The attributes of the group policy that were specified with the tunnel-group or webvpn commands have been retrieved.
Recommended Action None required.
113011
Error Message %ASA-6-113011: AAA retrieved user specific group policy policy for user
user
Explanation This event may be generated during the authentication or authorization of an IPSec or WebVPN connection. The attributes of the group policy that was specified with the tunnel-group or webvpn commands have been retrieved.
Recommended Action None required.
04-02-2012 11:18 PM
HI Zhongyu,
Thanks for your reply. The bold words "default group policy" denotes the group policy for that particualr user right? Please correct me if i am wrong. In some cases 113011 log has same name as of 113009.
1) If the names are different, which name i should consider(which group policy is applied to the user)??
Regards,
M.Viswesh
04-03-2012 12:54 AM
Hi , I don't know you use these ID do?
Here's an example I'd like to share:
AAA retrieved default group policy (HomeTest) for user = koya
AAA retrieved user specific group policy (NetAdminGPol) for user = koya
The "default group policy" is the group policy defined on the tunnel-group. [HomeTest]
The "user specific group policy" is the group policy mapped via ldap or radius. [NetAdminGPol]
Any attributes NOT defined in NetAdminGPol will be inherited from HomeTest.
It the attribute is NOT defined in HomeTest then it will be inherited from the DfltGrpPolicy(default global config).
simply put you should define ALL the attributes you want in the NetAdminGPol.
04-11-2012 12:40 AM
Thanks Zhongyu, Apologize for the delayed response.what we basically do is, collect the cisco logs and analyze the information from that. Some times 113011 log doesnot appear, so it means for that user, no specific group policy is applied right? in this scenario, the group name in the log id 113009 denotes what?
Regards,
M.Viswesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide