Solved: PIX 515E and Remote Access VPN

l.rinetti1 · ‎03-14-2015

I use a PIX 515E with: ASDM Version: 6.1(5)51 PIX Version: 8.0(4) and configure it with Remote Access VPN.

I'd like to get an email each time a user login (and or logout) to the VPN. The remote clients use the Cisco VPN Client.

Any help is appreciated,

Adeolu Owokade · ‎03-19-2015

Hi,

Here's a link to how to configure email logging on the ASA/PIX: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc7

Then you can build a message list to send logs only for the VPN user login/logout: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc18

There's a related thread here: https://supportforums.cisco.com/discussion/10798976/asa-email-logging-issue

View solution in original post

Adeolu Owokade · ‎03-19-2015

Hi,

Here's a link to how to configure email logging on the ASA/PIX: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc7

Then you can build a message list to send logs only for the VPN user login/logout: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc18

There's a related thread here: https://supportforums.cisco.com/discussion/10798976/asa-email-logging-issue

l.rinetti1 · ‎03-19-2015

First of all,

thank You for the answer, i'm evaluating all your suggestions and let you know what of them will

help me get an email each time someone login/logout the Remote Access VPN on my PIX 55E.

Kind Regards

l.rinetti1 · ‎04-12-2015

Hello Adeolu,

i try a lot of combination in order to get an email when the Messages-ID occur:

713120, 713050, 302015

but no mail are generated for these, i receive mail for (unwanted) events like PIX-2-106001 or 106014 so the mail server configuration is good.

I used an Event-list named "vpn-login" with Event/class "vpn / Informational" and Message ID "713120 713050 302015" and apply to the destination Email with event-list "vpn-login". I am not sure if i need to configure also a "Specific event classes".

I forgot something ?

Thank You

l.rinetti1 · ‎04-12-2015

Thi is what i get from the PIX:

Result of the command: "show logging setting"

Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: level errors, 16091066 messages logged
    Buffer logging: list vpn-login, class vpn, 99752 messages logged
    Trap logging: level errors, class vpn vpnc vpnfo, facility 20, 16091577 messages logged
        Logging to inside server-modem1
    History logging: disabled
    Device ID: disabled
    Mail logging: list vpn-login, class vpn, 332182 messages logged
    ASDM logging: level informational, 16138017 messages logged

l.rinetti1 · ‎04-12-2015

I found a way to get the Email i want when message-id 71322 e 713050 occur, also if a am not sure is the best way. Any comments are appreciated.

1)

Configuration > Device Management > Logging > E-Mail Setup

Syslog Severity: Alerts

2)

Configuration > Device Management > Logging > Logging Filters

Email Severity: Alerts

3)

Configuration > Device Management > Logging > Syslog Setup
71322 and 713050 Logging level elevated to Alerts

Adeolu Owokade · ‎04-12-2015

Hi,

I'm glad it works now. I don't understand your question though...as long as it is working as expected