Hi everyone!
I have a problem with ASA Remote Access VPN reporting. I would like simply to report RA VPN connections, that is, when a user logs in to and logs off from my company's ASA, with a printout of the time they remained connected throughout the day. Simple to say.
I have then configured our ASA with syslog directed toward a server that has the ManageEngine Firewall Analyzer software installed, with the following commands:
logging enable
logging timestamp
logging emblem
logging trap informational
logging device-id ipaddress inside system
logging host inside 192.168.10.10 format emblem
All works fine. All the logs are redirected correctly to the server, which reports the VPN connections correctly. What does not work is the delay that the ASA takes before reporting a VPN connection. For example (in attachment), if I connect my PC to the RA VPN through the ASA with Cisco VPN Client with the username "cgigi", and immediately disconnect, the report waits at least 5 minutes before appearing on the screen.
It is different, instead, if I connect to the VPN on my ASA with AnyConnect. In that case, the report appears on the screen immediately when I log out, even if I remained connected for only a few seconds. All the connections made by the old Cisco VPN Client (or IKEv1 protocol) are reported with a delay of at least 5 minutes.
This behavior is not good for security purposes, because I need to know exactly when a user has been connected to our network.
Also, I would like to separate, by changing the syslog messages if possible, the session type "LAN-to-LAN" from the session type "IPSecOverNat" (see raw log), so as to have only the "IPSecOverNat" connections reported.
Thanks in advance for the support.
Luigi Celeste