Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
4
Replies

Best way to see remote users' internal IPs?

bill.higgins
Level 1
Level 1

‎09-10-2003 09:40 AM - edited ‎03-09-2019 04:44 AM

We need to see the internal IPs of our remote access users. Currently, our VPN Concentrator 3000 gives out addresses from an address pool. Groups are not configured to give addresses. (We use an RSA server for authentication, and all remote users employ RSA tokens). Is using the address pool the easiest way to manage the addresses? We've had no problems with it, except that I can't get those addresses to report to the syslog, where we can track them paired up with a user name. Does anyone know how? And is this the best way to issue internal IP addresses so they can report to syslog?

Labels:
0 Helpful
4 Replies 4

bwalchez
Level 4
Level 4

‎09-17-2003 06:37 AM

Well you cannot configure the VPN concentrator as an DHCP server, else that might have solved your problem.

0 Helpful

bill.higgins
Level 1
Level 1
In response to bwalchez

‎09-17-2003 12:45 PM

Thanks for the reply.

If I used an external DHCP server (on the same segment as the VPN Concentrator, for example), would those given addresses find their way into the syslog?

0 Helpful

bbenton
Level 1
Level 1

‎09-18-2003 03:53 AM

We're using the concentrator pool, and logging event severity 1-4 to syslog. We get both client ip addresses to syslog. It's a bit chatty but it works.

0 Helpful

bill.higgins
Level 1
Level 1
In response to bbenton

‎09-18-2003 01:09 PM

Success! I've worked it out with your suggestion to turn up logging to 1-5. By a process of elimination, I figured that IKE is the event that is needed to capture the assigned address, and that's all it took. You wouldn't think IKE would be the one, but it is. I can't see that it should matter which pool of addresses it pulls from - whether setup globally, or by group; but that could be possible. We're using 'by group' now, and we can see the 'Assigned Address'.

Just for clarity on this issue, what I've been looking for is one of the two addresses that can be seen in the Monitoring>Sessions screen in the column with "Assigned/Public IP Addresses". It's the 'Assigned' one I'm after, so that I can track usage on our internal systems. This address is almost always a private address these days.

Since we're also getting the Public address of the remote user as assigned by his ISP, I don't think that NAT is interfering in this case - our DMZ topology avoids it. But I can certainly see how it could.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents