Logging VPN clients

leo_zidane
Level 1

I have an ASA 5510 Security Plus Appliance which has VPN enabled. How can I do logging of clients that have VPNed into my network or have failed to VPN in?

Thanks


JORGE RODRIGUEZ
Level 10

The best approach is to set up a syslog server to capture logs, or set up an FTP server for the same purpose. If you want specific log IDs, such as VPN client connections, you may filter by using the Event List feature under the firewall management logging section: configure an Event Class to filter on specific message events such as VPN, IKE, IPsec connections, WebVPN, etc.

Working with message logging - see logging host for syslog server setup, or logging ftp-server

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1736463

Event list logging filtering - logging in general

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/cfglog.html

Rgds

-Jorge

Jorge Rodriguez

My ASA firewall logging setup is by syslog ID. Do you know what is the syslog ID associated with VPN so that I can enable it?

Look in message ID ranges from 701001 to 732003, like 731052, 713056, 713060, 713061; there could be more. What I would suggest is to have a user connect via VPN and look at the ASDM log when the user connects: take a look at the real-time ASDM log and take note of the syslog ID number in the syslog ID column. You may also ask the user to purposely fail the user password when connecting so that you can capture the syslog ID number for reference.

System log messages

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

Syslog messages by code

http://www.cisco.com/en/US/products/ps6120/products_system_message_guides_list.html

HTH

-Jorge

PLS rate any helpful posts

Jorge Rodriguez
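
Added example, not part of the original posts: a Python script that tallies the ASA syslog message IDs seen in a capture taken while a test user connects, restricted to the 701001 to 732003 range quoted above, so the IDs can be noted for an event list. The sample lines are constructed (severities, addresses and message text are placeholders), and the function names are this example's own.

```python
import re
from collections import Counter

# Message-ID range quoted in the reply above.
VPN_ID_RANGE = (701001, 732003)

# ASA syslog messages carry a "%ASA-<severity>-<message id>: <text>" tag.
ASA_TAG = re.compile(r"%ASA-(?P<severity>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

# Constructed sample capture. Severities, addresses and message text are
# placeholders, not real ASA output; only the IDs come from the thread.
SAMPLE_LOG = """\
Mar 01 10:00:01 192.0.2.1 %ASA-6-302013: placeholder text (outside range)
Mar 01 10:00:02 192.0.2.1 %ASA-5-713056: placeholder text for test user
Mar 01 10:00:03 192.0.2.1 %ASA-4-713060: placeholder text for test user
Mar 01 10:00:04 192.0.2.1 %ASA-4-713061: placeholder text for test user
Mar 01 10:00:05 192.0.2.1 %ASA-6-731052: placeholder text for test user
Mar 01 10:00:06 192.0.2.1 %ASA-5-713056: placeholder text, second attempt
Mar 01 10:00:07 192.0.2.1 truncated line without an ASA tag
"""


def parse_line(line):
    """Return (severity, msgid, text) for an ASA syslog line, else None."""
    match = ASA_TAG.search(line)
    if match is None:
        return None
    return int(match["severity"]), int(match["msgid"]), match["text"]


def tally_vpn_ids(lines, id_range=VPN_ID_RANGE):
    """Count message IDs inside id_range; also count unparseable lines."""
    low, high = id_range
    counts, skipped = Counter(), 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # surface malformed lines instead of hiding them
            continue
        _, msgid, _ = parsed
        if low <= msgid <= high:
            counts[msgid] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = tally_vpn_ids(SAMPLE_LOG.splitlines())
    for msgid, seen in sorted(counts.items()):
        print(f"{msgid}: {seen}")
    print(f"lines without an ASA tag: {skipped}")
```

Run it over a capture from one successful and one deliberately failed login to see which IDs each case produces.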

ThomasSorensen
Level 1

Hello,

I am new to VPN equipment at this level but I hope you have the patience to help me.

How can I set up Cisco 4100 series equipment to log the source IP of a VPN user who accesses a given URL, e.g. https://mysite.com/restricted ?

ClientIP -> Cisco 4100 -> vpnIP -> url

I would like a log entry with datetime, source IP, vpnIP, and URL for every client that accesses the URL.

Thanks in advance

Thomas Sørensen
