We need to see the internal IPs of our remote access users. Currently, our VPN Concentrator 3000 gives out addresses from an address pool. Groups are not configured to give addresses. (We use an RSA server for authentication, and all remote users employ RSA tokens.) Is using the address pool the easiest way to manage the addresses? We've had no problems with it, except that I can't get those addresses to report to the syslog, where we can track them paired up with a user name. Does anyone know how? And is this the best way to issue internal IP addresses so they can report to syslog?
Success! I've worked it out with your suggestion to turn up logging to 1-5. By a process of elimination, I figured that IKE is the event that is needed to capture the assigned address, and that's all it took. You wouldn't think IKE would be the one, but it is. I can't see that it should matter which pool of addresses it pulls from - whether set up globally, or by group; but that could be possible. We're using 'by group' now, and we can see the 'Assigned Address'.
Just for clarity on this issue, what I've been looking for is one of the two addresses that can be seen in the Monitoring>Sessions screen in the column with "Assigned/Public IP Addresses". It's the 'Assigned' one I'm after, so that I can track usage on our internal systems. This address is almost always a private address these days.
Since we're also getting the Public address of the remote user as assigned by his ISP, I don't think that NAT is interfering in this case - our DMZ topology avoids it. But I can certainly see how it could.