Showing results for 
Search instead for 
Did you mean: 

Best way to see remote users' internal IPs?

We need to see the internal IPs of our remote access users. Currently, our VPN Concentrator 3000 gives out addresses from an address pool. Groups are not configured to give addresses. (We use an RSA server for authentication, and all remote users employ RSA tokens). Is using the address pool the easiest way to manage the addresses? We've had no problems with it, except that I can't get those addresses to report to the syslog, where we can track them paired up with a user name. Does anyone know how? And is this the best way to issue internal IP addresses so they can report to syslog?


Well you cannot configure the VPN concentrator as an DHCP server, else that might have solved your problem.

Thanks for the reply.

If I used an external DHCP server (on the same segment as the VPN Concentrator, for example), would those given addresses find their way into the syslog?


We're using the concentrator pool, and logging event severity 1-4 to syslog. We get both client ip addresses to syslog. It's a bit chatty but it works.

Success! I've worked it out with your suggestion to turn up logging to 1-5. By a process of elimination, I figured that IKE is the event that is needed to capture the assigned address, and that's all it took. You wouldn't think IKE would be the one, but it is. I can't see that it should matter which pool of addresses it pulls from - whether setup globally, or by group; but that could be possible. We're using 'by group' now, and we can see the 'Assigned Address'.

Just for clarity on this issue, what I've been looking for is one of the two addresses that can be seen in the Monitoring>Sessions screen in the column with "Assigned/Public IP Addresses". It's the 'Assigned' one I'm after, so that I can track usage on our internal systems. This address is almost always a private address these days.

Since we're also getting the Public address of the remote user as assigned by his ISP, I don't think that NAT is interfering in this case - our DMZ topology avoids it. But I can certainly see how it could.

Recognize Your Peers
Content for Community-Ad