12-15-2010 01:25 PM - edited 02-21-2020 04:11 AM
Hi
I have a Cisco ASA 5520 and a Cisco 3825 router in my network. I want to log every connection made to these devices. There are a few users who have different levels of access to these network devices. I want to log all these users and what they actually change and implement in the devices. Is this possible using a TACACS server or any other method, please? I also have read/write access to these devices. Many thanks
12-15-2010 02:26 PM
You can log every "Built connection" syslog on the ASA.
On the router you can log an ACL line that says "permit tcp any any syn log".
So you will be looking in your syslog server for these syslogs.
I hope it helps.
PK
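As an added example (not part of the thread and not from either poster): a small parser that pulls new-connection records out of a syslog server's file for the two sources mentioned above, the ASA "Built ... connection" messages and the router's ACL-log lines. The sample lines are constructed, and the message IDs (%ASA-6-302013/302015, %SEC-6-IPACCESSLOGP) and field layout are assumed from the usual form of those messages.

```python
import re

# Constructed sample lines (not from the thread); layout is an assumption
# based on the usual ASA "Built" and IOS ACL-log syslog formats.
SAMPLE = """\
Dec 15 2010 14:26:01 asa1 : %ASA-6-302013: Built inbound TCP connection 4711 for outside:192.0.2.10/51234 (192.0.2.10/51234) to inside:10.0.0.5/22 (10.0.0.5/22)
Dec 15 2010 14:26:03 asa1 : %ASA-6-302014: Teardown TCP connection 4711 for outside:192.0.2.10/51234 to inside:10.0.0.5/22 duration 0:00:02 bytes 1800 TCP FINs
Dec 15 14:26:05 rtr1 88: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(40022) -> 10.0.0.1(23), 1 packet
Dec 15 2010 14:26:09 asa1 : %ASA-6-302015: Built outbound UDP connection 4712 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:10.0.0.9/5353 (10.0.0.9/5353)
"""

ASA_BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection (?P<id>\d+) for (?P<f_if>[^:\s]+):(?P<f_ip>[^/\s]+)/(?P<f_port>\d+) "
    r"\([^)]*\) to (?P<t_if>[^:\s]+):(?P<t_ip>[^/\s]+)/(?P<t_port>\d+)")
IOS_ACL = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) permitted (?P<proto>tcp|udp) "
    r"(?P<s_ip>[\d.]+)\((?P<s_port>\d+)\) -> (?P<d_ip>[\d.]+)\((?P<d_port>\d+)\)")

def parse_connections(text):
    """Return one dict per new connection found in ASA or IOS syslog text."""
    records = []
    for line in text.splitlines():
        m = ASA_BUILT.search(line)
        if m:
            f = (m["f_ip"], int(m["f_port"]))
            t = (m["t_ip"], int(m["t_port"]))
            # Assumption: the "for" endpoint initiated an inbound connection,
            # and the "to" endpoint initiated an outbound one.
            src, dst = (f, t) if m["dir"] == "inbound" else (t, f)
            records.append({"device": "asa", "proto": m["proto"].lower(),
                            "src": src, "dst": dst, "ref": "conn " + m["id"]})
            continue
        m = IOS_ACL.search(line)
        if m:
            records.append({"device": "ios", "proto": m["proto"],
                            "src": (m["s_ip"], int(m["s_port"])),
                            "dst": (m["d_ip"], int(m["d_port"])),
                            "ref": "acl " + m["acl"]})
    return records

if __name__ == "__main__":
    for rec in parse_connections(SAMPLE):
        print(rec)
```

Teardown and other messages are skipped, so the output is one record per connection opened.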
12-16-2010 04:56 AM
Hi, how about installing a TACACS server? Any suggestions?
12-16-2010 06:08 AM
You can do that also.
You can use auth-proxy (router) or cut-through proxy (ASA) to have the user authenticate for connections that he is making and do ACS accounting. But I don't think you need to do that for all connections, only for the ones that require user interaction.
Let us know if that answers the question.
PK