Solved: active monitoring of remote access vpn connections

donnie · ‎04-15-2012

Hi all,

I am using asa 5520 and asa 5540 for remote access vpn connections. Is it possible to do active monitoring of my vpn connections so that there would be alerts for vpn tunnels that fail to establish due to other reasons other than user authentication? Pls advise. Thks in advance.

andrew.prince · ‎04-16-2012

Kiwi Syslog will work fine - as long as you have a licensed version, a "free" ver does not support the email extras.

See the below url and search for "VPN" you will see which VPN syslog codes you can choose from.

http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html

HTH>

View solution in original post

andrew.prince · ‎04-16-2012

I use a linux syslog-ng server - that the ASA's send syslogs messages to. On the Linux server I watch for specific key words in the syslog messages, when one is triggered the syslog server sends me an email.

HTH>

donnie · ‎04-16-2012

Hi Andrew,

Thk you for your reply. So i can also use syslog tools like kiwi syslog. But what are the key words for vpn would you use? Thk you

andrew.prince · ‎04-16-2012

Kiwi Syslog will work fine - as long as you have a licensed version, a "free" ver does not support the email extras.

See the below url and search for "VPN" you will see which VPN syslog codes you can choose from.

http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html

HTH>

donnie · ‎04-18-2012

Hi Andrew,

Cool! So i can do logs filtering with the specfic VPN syslog codes to see if my VPN connections are having any problems especially for new deployment. Thk you so much!

andrew.prince · ‎04-18-2012

Sure no problem - happy to help.