01-27-2014 06:39 AM
Hi all
I have CISCO equipment set to allow VPN access from the Internet. I wish to know when users log on the internal network etc.
Is there a way how I can do this? maybe via e-mail notification etc?
Thanks a lot
01-28-2014 01:19 AM
Are you using Cisco Device for VPN termination? If you are which cisco device you are using?
01-28-2014 01:28 AM
The devices are these:
Cisco Router 2901
Cisco Switch 2960s
01-28-2014 01:40 AM
So are you terminating your VPN on 2901?
01-28-2014 01:57 AM
Precisely - I want to know when users log on by means of an e-mail notification. Ideally even when they disconnect too.
01-28-2014 02:05 AM
You need to enable logging for this then you can use EEM for Sending the login alert to you mailbox:
You can configure it like this:
1.) Enable logging
2.) you must identify the log message. e.g while if you connect to the VPN server via VPN client, the log message is:
JAN 27 13:28:13.227: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
If you want the username also with mail then you must identify the log message which contain the userID.
3.) you must define the email variables:
Ciscozine(config)#event manager environment _email_to your-to-mail@domain.com
Ciscozine(config)#event manager environment _email_server your.mail.server
Ciscozine(config)#event manager environment _email_from your-from-mail@domain.com
After that, it is possible define the ‘applet’, the ‘event’ and the ‘action’:
4.) Send email when you are connected to the router via IPSEC session
Ciscozine(config)#event manager applet CheckVPN
Ciscozine(config-applet)#event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access.*up"
Ciscozine(config-applet)#action 1.0 cli command "enable"
Ciscozine(config-applet)#action 1.5 cli command "sh crypto ipsec sa | i local crypto"
Ciscozine(config-applet)#action 2.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time: VPN User connected" body "Connection:\n$_cli_result"
Ciscozine(config-applet)#action 2.5 syslog priority 5 msg "VPN UP - Mail Sent"
Remember: In EEM 3.0 for Cisco IOS Release 12.4(22)T, the server-address argument includes an optional username and password along with the fully qualified domain name of the e-mail server to be used to forward the e-mail. The e-mail server name can be in any one of the following template formats:
Remember: EEM has pre-defined variables:
Hope this will help. Please rate the post if you find it helpfull.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: