I have several profiles of RA VPN
In all of them I use the traffic filter option.
In addition, I have the "Bypass Access Control policy for decrypted traffic" ticked.
The problem I have is that I do not see the logs of VPN activity in the events. I only see some events to the broadcast IP or the Gateway IP of the VPN.
Is there sth I have to enable?
Or If the Events are not the place to see the activity of the VPN, where should I see it?
The extended access lists I use have the logging enabled.
I believe you can see these log in Devices > VPN > Troubleshooting
If you want these logs sent to a syslog server, you need to configure this under Platform Settings > Syslog > Logging
Exactly what type of traffic related events are you looking for?
There are a couple other places you can look. Under Analysis > Users > Active Sessions provides info on the user, the AnyConnect client they are using, public IP, etc.
Under Analysis > Users > User Activity provides connection duration details, throughput, details, etc.
I would like to see the traffic allowed or blocked on a user
For example I have an access list on traffic filter that allows only RDP.
This traffic was blocked and I could not see why.
Where could I see that kind of traffic?
Hmm...I wonder if it is the "Bypass Access Control policy for decrypted traffic" that is the issue here. I suggest, if possible, to create an ACP entry that matches your VPN traffic allowing what you want them to be able to reach on your inside network and enable logging on that entry. You should then be able to see this traffic in connection events.
Otherwise, if that is not what you want, I do not believe it is possible to view the traffic other than what I posted earlier.