VPN Logs

Navaz Wattoo
Level 1

Hey,

I configured a VPN on an ASA 5510 and I want to check all the logs, with time and date, of the people connected through the VPN.

Navaz

Marcin Latosiewicz
Cisco Employee

RADIUS accounting for VPN is the best way to achieve those.

Can you send me the configuration?

Navaz

This can be done using both RADIUS and TACACS+.  The link below has a configuration example.  Keep in mind that this requires an access control server (ACS) server.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b04552.shtml

If you don't have a RADIUS or TACACS+ server, then you can send these logs to a syslog server using the logging list command:

hostname(config)#logging enable
hostname(config)#logging timestamp
hostname(config)#logging list level debugging class vpn
hostname(config)#logging trap
hostname(config)#logging host inside

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#capturevpn

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

Listen,

I have a 5510 ASA and the VPN is configured on it. I want the daily logs of who connected to the ASA through the VPN.

Thanks and regards

Navaz

As far as I know, a summarization of the connected users to be sent to a syslog server or TACACS+ or RADIUS server cannot be done.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

Here is my ASA configuration:

ASA(config)# sh running-config
: Saved
:
ASA Version 8.0(2)
!
hostname ASA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list 101 extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 10.1.1.30
nat (inside) 1 192.168.1.0 255.255.255.0
static (outside,inside) 10.1.1.30 10.1.1.2 netmask 255.255.255.255
access-group 101 in interface outside
access-group 101 in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
prompt hostname context
Cryptochecksum:a910fcee5200493f2ed21db7bd2f82d6
: end
ASA(config)#

and the diagram

Navaz

Have you removed some of the configuration? There are no logging configurations.

I have provided the configurations for sending syslog messages to a syslog server in one of the above posts.

But as I mentioned, having a summarization of the leased IPs cannot be done. You can, however, view this by using the commands

show dhcpd bindings

show dhcpd statistics

--
Please remember to select a correct answer and rate helpful posts

config terminal
logging enable
logging timestamp
logging class auth console debugging
logging class webvpn console debugging
logging class ssl console debugging
logging class svc console debugging
logging class vpnc console debugging

For WebVPN

For remote access activity, class webvpn is what you want. Specifically, message 716001 is for logon events, and 716002 is for logoff events.

Value our effort and rate the assistance!
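A parser for the 716001/716002 logon and logoff messages named in the reply above, added here as an example and not part of the thread. It assumes the ASA is sending timestamped syslog lines as configured in the replies above (the sample lines are constructed, not captured from a real firewall) and builds the per-day list of connected users the original question asks for.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample lines in the form an ASA emits with "logging timestamp";
# 716001/716002 are the WebVPN logon/logoff IDs named in the reply above.
SAMPLE_LOG = """\
Jun 12 2010 08:01:15: %ASA-6-716001: Group <RA-VPN> User <alice> IP <203.0.113.10> WebVPN session started.
Jun 12 2010 08:03:40: %ASA-6-716001: Group <RA-VPN> User <bob> IP <198.51.100.7> WebVPN session started.
Jun 12 2010 09:15:02: %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/40000 (198.51.100.7/40000) to inside:192.168.1.20/443 (192.168.1.20/443)
Jun 12 2010 12:30:55: %ASA-6-716002: Group <RA-VPN> User <alice> IP <203.0.113.10> WebVPN session terminated: User Requested.
Jun 13 2010 07:45:00: %ASA-6-716001: Group <RA-VPN> User <alice> IP <203.0.113.10> WebVPN session started.
"""

# Timestamp, message ID, then the Group/User/IP fields both messages carry;
# ".*?" skips any syslog priority or receiver hostname in between.
VPN_EVENT = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*?%ASA-\d-(?P<msgid>716001|716002): "
    r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<ip>[^>]*)>"
)
EVENT_NAME = {"716001": "logon", "716002": "logoff"}

def parse_vpn_events(text):
    """Return one dict per WebVPN logon/logoff line, in file order."""
    events = []
    for line in text.splitlines():
        m = VPN_EVENT.search(line)
        if not m:  # not a 716001/716002 message; ignore it
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
            "event": EVENT_NAME[m["msgid"]],
            "user": m["user"], "group": m["group"], "ip": m["ip"],
        })
    return events

def daily_users(events):
    """Map each calendar day to the sorted list of users who logged on."""
    days = defaultdict(set)
    for e in events:
        if e["event"] == "logon":
            days[e["time"].date().isoformat()].add(e["user"])
    return {day: sorted(users) for day, users in sorted(days.items())}

def open_sessions(events):
    """Users whose last event is a logon: still connected at end of the log."""
    last = {}
    for e in events:
        last[(e["user"], e["ip"])] = e["event"]
    return sorted(u for (u, _ip), ev in last.items() if ev == "logon")
```

Point parse_vpn_events at the file your syslog server writes for the ASA (or at the flash log chosen in the ASDM guide) to get the daily report; the 302013 line shows that unrelated messages are simply skipped.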

I can't understand. I want to configure it through ASDM.

Navaz

here is a guide on how to configure it in the ASDM.  but in step 3 choose Flash instead of the FTP option

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b83d04.shtml#basicsyslog

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts