07-02-2008 07:21 PM - edited 02-21-2020 03:48 PM
I have a ASA 5510 Security Plus Appliance which has VPN enabled. How can do a logging of clients that have VPN into my network or have failed to VPN in.
Thanks
07-02-2008 10:36 PM
Best is to setup a syslog server to capture logs or set up FTP server for same purpose, if you want specific log ID such as vpn clients connections, you may filter by using the Event List feature under firewall managemet logging section, configure Event class to filter on specific messages events such as vpn Ike IPsec connections webvpn etc..
working with messages loggings - see logging host for syslog server setup or logging ftp-server
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1736463
Event list logging filtering - logging in general
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/cfglog.html
Rgds
-Jorge
07-03-2008 05:59 PM
My ASA firewall logging setup is by syslog ID. Do you know what is the syslog ID associated with VPN so that I can enable it?
07-04-2008 07:48 PM
Look in messages ID ranges from 701001 to 732003 , like the 731052, 713056, 713060, 713061, there could be more , what I would suggest is to have a user connect via vpn and look at the asdm log when the user connects, take look at realtime asdm log and take notes of the syslog ID# on the syslog id colum,you may also ask the user to to purposely fail user password when connecting so that you can capture syslog id number for references.
System log messages
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html
Syslog messages by code
http://www.cisco.com/en/US/products/ps6120/products_system_message_guides_list.html
HTH
-Jorge
PLS rate any helpful posts
02-24-2021 12:23 AM
Hello,
I am new to VPN equipment at this level but I hope you have the patience to help me.
How can I setup Cisco 4100 series equipment to log the source IP of a VPN user which access a given url e.g. https://mysite.com/restricted ?
ClientIP -> Cisco 4100 -> vpnIP -> url
I would like a log entry with datetime, source IP, vpnIP, url for every client that accesses the url.
Thanks in advance
Thomas Sørensen
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: