Log every connection to ASA and router

ccnpwannabe
Level 1

Hi

I have a Cisco ASA 5520 and a Cisco 3825 router in my network. I want to log every connection made to these devices. There are a few users who have different levels of access to these network devices. I want to log all these users and what they actually change and implement on the devices. Is this possible using a TACACS server or any other method, please? I also have read/write access to these devices. Many thanks.


3 Replies

Panos Kampanakis
Cisco Employee

You can log every "Built connection" syslog on the ASA.

On the router you can log an ACL line that says "permit tcp any any syn log".

So you will be looking at your syslog server for these syslogs.

I hope it helps.

PK
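The two log sources named in the reply above, parsed on the syslog server side. This is an added example, not part of the original thread: it assumes the standard ASA 302013/302015 "Built connection" format and the IOS `%SEC-6-IPACCESSLOGP` format produced by an ACL entry ending in `log`, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# ASA 302013 (TCP) / 302015 (UDP) "Built connection" message.
ASA_BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for \S+?:(?P<ip1>[\d.]+)/(?P<p1>\d+) \([^)]*\) "
    r"to \S+?:(?P<ip2>[\d.]+)/(?P<p2>\d+)")
# IOS message generated by an ACL entry that ends in "log".
IOS_ACL = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) permitted (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")

def parse_line(line):
    """Return (device, proto, src, dst, dport), or None for unrelated lines."""
    m = ASA_BUILT.search(line)
    if m:
        a = (m["ip1"], int(m["p1"]))
        b = (m["ip2"], int(m["p2"]))
        # The ASA prints the endpoints in the same order for both directions;
        # for "outbound" the initiator is the endpoint after "to", so swap.
        src, dst = (a, b) if m["dir"] == "inbound" else (b, a)
        return ("asa", m["proto"].lower(), src[0], dst[0], dst[1])
    m = IOS_ACL.search(line)
    if m:
        return ("router", m["proto"], m["src"], m["dst"], int(m["dport"]))
    return None

def connections_to(lines, watched_ips):
    """Count logged connections whose destination is a watched address."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] in watched_ips:
            hits[rec] += 1
    return hits

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE = [
    "Mar 01 10:00:01 fw1 %ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:192.0.2.2/22 (192.0.2.2/22)",
    "Mar 01 10:00:05 fw1 %ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:192.0.2.50/40000 (192.0.2.50/40000)",
    "Mar 01 10:00:09 rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(51300) -> 192.0.2.2(23), 1 packet",
    "Mar 01 10:00:12 fw1 %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/51234 to inside:192.0.2.2/22 duration 0:00:11 bytes 4096 TCP FINs",
]

if __name__ == "__main__":
    # 192.0.2.2 stands in for a device management address (assumption).
    for rec, n in connections_to(SAMPLE, {"192.0.2.2"}).items():
        print(n, rec)
```

These messages record who connected and to which port; they do not record what a user changed once logged in.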

Hi, how about installing a TACACS server? Any suggestions?

You can do that also.

You can use auth-proxy (router) or cut-through proxy (ASA) to have the user authenticate for connections that he is making and do ACS accounting. But I don't think you need to do that for all connections, only for the ones that require user interaction.

Let us know if that answers the question.

PK
