04-14-2008 11:16 AM - edited 02-21-2020 03:40 PM
Hi, I'm moving my IPSec VPNs from my Cisco Concentrator to my ASA 5520. I log (to a syslog server) users that log on and log off. How can I do this on the ASA?
04-15-2008 07:47 AM
I have all traffic from my ASA logged via syslog, then I filter in my syslog server what I want to see:-
logging enable
logging buffer-size 14096
logging buffered debugging
logging trap debugging
logging facility ##(used by my syslog server to filter)
logging host <
My syslog sees:-
%ASA-6-602304: IPSEC: An inbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been created.
%ASA-6-602304: IPSEC: An outbound remote access SA between x.x.x.x and x.x.x.x (user= UID) has been deleted.
HTH
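A syslog-side filter for the SA messages quoted in the post above, as an added example that is not part of the original thread: it collapses the per-SA created/deleted lines into one logon and one logoff per user session. The function name, the constructed sample lines, and the choice to key a session on username plus address pair are assumptions.

```python
import re
from collections import defaultdict

# Layout follows the messages quoted in the post; the event type is read from
# the trailing "created"/"deleted" word rather than from the message ID.
SA_EVENT = re.compile(
    r"%ASA-6-(?P<msgid>\d{6}): IPSEC: An (?P<direction>inbound|outbound) "
    r"remote access SA between (?P<a>\S+) and (?P<b>\S+) "
    r"\(user=\s*(?P<user>[^)]+?)\s*\) has been (?P<action>created|deleted)\."
)

def session_events(lines):
    """Return (syslog header, 'logon'|'logoff', user, address pair) tuples."""
    live = defaultdict(int)  # live SA count per (user, address pair)
    events = []
    for line in lines:
        m = SA_EVENT.search(line)
        if not m:
            continue  # unrelated syslog traffic
        addrs = tuple(sorted((m["a"], m["b"])))
        key = (m["user"], addrs)
        header = line.split(" %ASA-", 1)[0].strip()
        if m["action"] == "created":
            live[key] += 1
            if live[key] == 1:  # first SA for this session: logon
                events.append((header, "logon", *key))
        elif live[key] > 0:  # skip deletes for SAs created before the log began
            live[key] -= 1
            if live[key] == 0:  # last SA gone: logoff
                events.append((header, "logoff", *key))
    return events

# Constructed sample lines (documentation addresses, made-up usernames).
SAMPLE = """\
Apr 15 07:40:01 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been created.
Apr 15 07:40:01 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been created.
Apr 15 07:41:10 asa1 %ASA-6-302013: Built inbound TCP connection (constructed filler line)
Apr 15 07:45:00 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.9 (user= bob) has been created.
Apr 15 07:45:00 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.9 (user= bob) has been created.
Apr 15 08:02:12 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.20 (user= carol) has been deleted.
Apr 15 08:10:30 asa1 %ASA-6-602304: IPSEC: An inbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been deleted.
Apr 15 08:10:30 asa1 %ASA-6-602304: IPSEC: An outbound remote access SA between 192.0.2.1 and 198.51.100.7 (user= alice) has been deleted.
""".splitlines()

if __name__ == "__main__":
    for event in session_events(SAMPLE):
        print(*event)
```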
04-16-2008 12:32 AM
Thanks, does having the ASA set to full debug mode put strain on the ASA? There must be millions of logs coming in?
04-16-2008 12:40 AM
We run a pair of ASA5540s (1gb mem, 256mb flash). We have 60 L2L VPN tunnels terminated, and a min of 100 Remote Access VPNs daily. We run the L2L with 3DES, and the Remote VPN with AES. At peak times, the CPU creeps up to 5% and memory is 90% free. Having them run the traps and logs in debug mode does not affect our ASAs.
Depending on the models you have - you might want to test the trap levels first and see the impact.
HTH
04-16-2008 01:01 AM
Wow, that's a lot of traffic and not much pressure on your ASAs. I will use the CLI you posted on ours and see what happens.
04-16-2008 01:05 AM
No problem - glad to help.