cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
2
Replies

Monitoring VPN Client Connections

bretcollins
Level 1
Level 1

Is there a way to get a PIX to log what vpngroup is used when creating a VPN connection? Syslog is recording PIX-4-602301 when the SA is created but it doesn't say which group was used. I could even get what I needed if I knew what IP address the PIX issued. I changed the logging level to informational and while I get more information it's still not what I need. Thanks.

2 Replies 2

s-doyle
Level 3
Level 3

show vpngroup [group_name] helps you find the group name on the PIX.

I know what my vpngroup names are, I want them to be recorded in syslog messages.

Here is an example

%PIX-4-602301: sa created, (sa) sa_dest= 12.227.x.x, sa_prot= 50, sa_spi= 0x9133272c(2436048684), sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 17

I know that is me connecting to the PIX, but only because I know that is my address. If I didn't know whose address (12.227.x.x) belonged to, I would have no way to find out which vpngroup was used. I am looking for a way to say 'vendor x logged into the VPN at date/time and was on for y minutes'. All I have now is that someone logged in at date/time and connected for y minutes, but I don't which vendor it was.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: