08-19-2015 10:20 AM - edited 03-11-2019 11:27 PM
Best regards
I have a Firewall ASA 5520 with these features:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(3)
=======================================================
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
==============================================================================
The problem is with traps generated by the ASA for VPN logged users. Until now, I've seen that the syslog server (SIEM) collecting log events can collect when users are in the network remotely (successful entries), but it does not report when unsuccessful attempts (entries) occur. This is very important in order to know when there is an attack intention and to take countermeasures.
I'll appreciate your orientation in this case. How do I gather this syslog information? What would be the trap to configure? Or does another method exist to collect this security info? Or can we remediate this detail with a software upgrade on this ASA?
Thanks very much for comments and help.
EProsper
08-19-2015 04:40 PM
Please provide the output of:
show run | i log
08-20-2015 05:42 AM
Hi Marvin
Here is the command result:
ASAFW# sh run | i log
banner login This is a restricted system.
banner login This is a restricted system
logging enable
logging timestamp
logging standby
logging emblem
logging console notifications
logging monitor alerts
logging trap notifications
logging asdm informational
logging host outside asicom_apc
logging host inside 10.X.X.X
logging permit-hostdown
logging class auth asdm emergencies
logging class ip asdm errors
logging class vpn asdm alerts
no logging message 304003
no logging message 304002
no logging message 304001
no logging message 304005
no logging message 304004
=================================================
Thanks for your orientation...