Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
10
Helpful
5
Replies

How to generate syslog for VPN user connection - Cisco router IPsec Ikev1

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎03-15-2018 05:31 AM - edited ‎03-12-2019 05:07 AM

Hi, 

My client wants to keep records as of when and who was started the VPN from remote to the office. He is using Cisco 2901 router with "155-3.M5" IOS. 

Actually, he wants to see  "who and when" was login by VPN from the remote. He is using local aaa accounts for VPN login. 

Currently, he can see the Virtual interface was come up and went down. 

 

03-15-2018 16:24:34 Local7.Notice 10.10.XX.1 619144: 620122: Mar 15 2018 16:24:33.492: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
03-15-2018 16:24:34 Local7.Notice 10.10.XX.1 619143: 620121: Mar 15 2018 16:24:33.416: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down

 

Please suggest a solution.  

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎03-15-2018 06:47 AM

Hi, 

thanks for your reply. We got the solution. actually, it is ezvpn and I enabled the logging with command

 

"Crypto logging ezvpn"

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎03-15-2018 06:11 AM - edited ‎03-15-2018 06:12 AM

Hi,
I use an IOS Router with FlexVPN (IKEv2) and authenticate using Certificates, to get user login information the command I use is "crypto logging session ". I believe this will work on IKEv1 also.

The output from this is:
"%CRYPTO-5-IKEV2_SESSION_STATUS: Crypto tunnel v2 is UP. Peer 1.1.1.1:53526 Id: cn=Username,cn=Users,dc=lab,dc=local"

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎03-15-2018 06:20 AM

Hi, 

Thanks for your reply. This command help me to know "IP address" of user and ID

 

%CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer XX.XX.XX.XX:38551 Id: XXX-XX <Group Name>

But I am looking username along with above details. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Deepak Kumar

‎03-15-2018 06:37 AM

Are you using EZVPN?

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎03-15-2018 06:47 AM

Hi, 

thanks for your reply. We got the solution. actually, it is ezvpn and I enabled the logging with command

 

"Crypto logging ezvpn"

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Deepak Kumar

‎03-15-2018 06:52 AM

Thought so. Glad to hear it's working

 

More related info for EZVPN syslogging which maybe useful:

https://www.cisco.com/c/en/us/products/collateral/security/ios-easy-vpn/prod_white_paper0900aecd803fc77b.html

0 Helpful
Customers Also Viewed These Support Documents