Cisco AnyConnect - syslog

theitmedic
Level 1

I am using the Cisco AnyConnect client communicating to a Cisco ISR4331 device to access the back end LAN infrastructure. I have "logging trap" enabled but I'm not able to log users connecting with AnyConnect. It's not generating syslog messages for AnyConnect users for their particular login id(s). Is there something else that I have to enable to capture syslog messages for users connecting with AnyConnect?

 

GW

2 Replies

Hi, I am using FlexVPN Remote Access VPN on my ISR router using certificate authentication. I have the following logging commands configured:-

 

logging trap debugging
logging facility syslog
logging host 192.168.10.60

 

The following syslog message below is generated, and this is sent to the syslog server.

 

%CRYPTO-5-IKEV2_SESSION_STATUS: Crypto tunnel v2 is UP. Peer x.x.x.x:49663 Id: cn=username,cn=Users,dc=lab,dc=local

 

 HTH

Here is what I see in the syslog when I entered "logging trap debugging" and "logging facility syslog".

I don't see the cn=username. The id is the identity remote key-id.

 

  • Aug 15 12:22:05.734 EDT: %CRYPTO-5-IKEV2_SESSION_STATUS: Crypto tunnel v2 is UP. Peer 192.168.10.1:57671 Id: xxxxxxx
  • Aug 15 12:22:06 ROUTER 451: Aug 15 12:22:05.744 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
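For anyone collecting these messages on the syslog server, the sketch below is an added example (not code from either poster or from Cisco) that turns the %CRYPTO-5-IKEV2_SESSION_STATUS lines quoted in this thread into login records and flags sessions whose Id is not a certificate DN, which is the case where no username reaches the log. The function names are hypothetical, and the message layout is assumed to be exactly as quoted above.

```python
import re

# Layout taken from the two %CRYPTO-5-IKEV2_SESSION_STATUS lines quoted in the thread.
SESSION_RE = re.compile(
    r"%CRYPTO-5-IKEV2_SESSION_STATUS: Crypto tunnel v2 is (?P<state>\w+)\.\s+"
    r"Peer (?P<peer>\S+):(?P<port>\d+)\s+Id: (?P<identity>.+?)\s*$"
)
# First CN= component of a certificate subject DN; tolerates backslash-escaped commas.
CN_RE = re.compile(r"(?:^|,)\s*cn=((?:\\.|[^,\\])+)", re.IGNORECASE)


def parse_session(line):
    """Return a dict for an IKEv2 session-status line, or None for any other line."""
    m = SESSION_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    cn = CN_RE.search(event["identity"])
    # A DN identity names the user; any other identity (such as a key-id) does not.
    event["user"] = cn.group(1).strip() if cn else None
    return event


def parse_log(lines):
    """Parse every session-status line, skipping unrelated syslog messages."""
    return [e for e in map(parse_session, lines) if e is not None]


def unattributed(events):
    """Sessions whose identity is not a DN, so the log carries no per-user name."""
    return [e for e in events if e["user"] is None]


# Sample input: the three log lines quoted in the thread, unchanged.
SAMPLE = [
    "%CRYPTO-5-IKEV2_SESSION_STATUS: Crypto tunnel v2 is UP. "
    "Peer x.x.x.x:49663 Id: cn=username,cn=Users,dc=lab,dc=local",
    "Aug 15 12:22:05.734 EDT: %CRYPTO-5-IKEV2_SESSION_STATUS: "
    "Crypto tunnel v2 is UP. Peer 192.168.10.1:57671 Id: xxxxxxx",
    "Aug 15 12:22:06 ROUTER 451: Aug 15 12:22:05.744 EDT: %LINEPROTO-5-UPDOWN: "
    "Line protocol on Interface Virtual-Access1, changed state to up",
]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["state"], e["peer"], e["port"], e["user"] or "UNATTRIBUTED: " + e["identity"])
```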