FMC/FTD list of RA VPN sessions

sasha

Hello. We have a redundant pair of FTD 2110 managed by a virtual FMC. RA VPN users connect to the FTD using AnyConnect. They are authenticated using a RADIUS server.

We need to have a list of RA VPN sessions: at least username, login time, logout time and assigned IP.

But on FTD, we only have a list of currently active sessions; I don't know whether we can get a list of previous sessions. On FMC, Analysis -> Users -> Active Sessions displays only a subset of them!?! Also, Analysis -> Users -> Users and Analysis -> Users -> User Activity display only a subset of host history and activities.

How to correct that? How can we get the needed list of sessions?

Is it possible to log user events to an external syslog server, and how to set that up? Maybe that would help to collect all the data we need.

Thanks and best regards.


Hi,

The FMC does not currently provide a lot of session information. You have 2 options. Use RADIUS as the authentication server; this will have the information you require (login, logoff, etc.). If you wish to use syslog, refer to this guide.


HTH


Hi! Thanks for the idea. We had already been using RADIUS as the authentication server, but now we have turned on logging of authentication and accounting on the RADIUS server. Logs are rather large but contain all the info we need. We had to turn on accounting in order to see framed IP addresses and logouts. (We use pools on FTD to assign IP addresses.) Thanks again and best regards.
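Added example (not from the original posts and not Cisco code): one way to reduce large RADIUS accounting logs to the list asked for in the question (username, login time, logout time, assigned IP) by pairing Start and Stop records. The attribute names are standard RADIUS accounting attributes; the one-record-per-line layout, the sample values and the function names are assumptions, so adapt `parse_line()` to whatever your RADIUS server actually writes.

```python
from datetime import datetime

# Constructed sample records, not real logs. One accounting record per line as
# "timestamp|Attr=value|..." is an assumed export layout; adapt parse_line().
SAMPLE = """\
2024-03-05 08:01:12|User-Name=alice|Acct-Status-Type=Start|Acct-Session-Id=A001|Framed-IP-Address=10.10.50.11
2024-03-05 08:15:40|User-Name=bob|Acct-Status-Type=Start|Acct-Session-Id=A002|Framed-IP-Address=10.10.50.12
2024-03-05 09:00:00|User-Name=alice|Acct-Status-Type=Interim-Update|Acct-Session-Id=A001|Framed-IP-Address=10.10.50.11
2024-03-05 12:30:05|User-Name=alice|Acct-Status-Type=Stop|Acct-Session-Id=A001|Framed-IP-Address=10.10.50.11
2024-03-05 13:00:00|User-Name=carol|Acct-Status-Type=Stop|Acct-Session-Id=9FFF|Framed-IP-Address=10.10.50.20
"""

def parse_line(line):
    """Split one record into (timestamp, {attribute: value})."""
    stamp, *pairs = line.strip().split("|")
    attrs = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), attrs

def build_sessions(text):
    """Pair Start/Stop records by (User-Name, Acct-Session-Id) into session rows."""
    sessions = {}  # dicts keep insertion order, so rows come out in first-seen order
    for line in filter(str.strip, text.splitlines()):
        when, a = parse_line(line)
        key = (a["User-Name"], a["Acct-Session-Id"])
        row = sessions.setdefault(key, {
            "username": a["User-Name"], "ip": None, "login": None, "logout": None})
        # The address assigned from the pool is reported as Framed-IP-Address.
        row["ip"] = a.get("Framed-IP-Address", row["ip"])
        status = a["Acct-Status-Type"]
        if status == "Start":
            row["login"] = when
        elif status == "Stop":
            row["logout"] = when
        # Interim-Update only refreshes the IP; it is neither a login nor a logout.
    return list(sessions.values())

def _fmt(t):
    """A missing Start or Stop is reported as unknown rather than guessed."""
    return t.isoformat(" ") if t else "unknown"

def report(rows):
    return [f'{r["username"]:8} {r["ip"] or "-":15} {_fmt(r["login"])} -> {_fmt(r["logout"])}'
            for r in rows]

if __name__ == "__main__":
    print("\n".join(report(build_sessions(SAMPLE))))
```

A row with an unknown logout is either still connected or its Stop record was lost; a row with an unknown login started before accounting logging was enabled.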

 
