mskumar_apk
asked on
VPN traffic in Cisco PIX logs
Dear Experts,
I am using a Cisco PIX firewall. I can see the traffic logs as below.
<166>May 20 2006 01:00:00 kumar: %PIX-6-302013: Built outbound TCP connection 31174132 for outside:xxxxx/80 (xxxxxxxxx/80) to inside:xxxxxxx/52648 (xxxxxxxx/54508)
<166>May 20 2006 01:00:00 kumar: %PIX-6-302014: Teardown TCP connection 31174132 for outside:xxxxxxxxxx/80 to inside:xxxxxxx/52648 duration 0:00:01 bytes 1048576 TCP FINs
Is there a way to find the amount of traffic that is going through VPN per user? What is the signature in the log that I can look for?
regards
Kumar
No, I do not know of a way either for individual VPN users just using the PIX. I can do this using the VPN concentrators but that functionality is built in.
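What the records quoted in the question do carry is a byte count per connection in the %PIX-6-302014 teardown message. As an added example (not part of the thread and not Cisco's code), the Python below totals those bytes per inside address, which gives a per-host figure rather than a per-VPN-user one; the sample lines, the hostname `fw` and the addresses are constructed, since the thread masks the real ones.

```python
import re
from collections import defaultdict

# %PIX-6-302014 teardown record, in the layout quoted in the question:
# Teardown TCP connection <id> for <if>:<addr>/<port> to <if>:<addr>/<port>
#   duration h:mm:ss bytes <n> <reason>
TEARDOWN = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<conn>\d+) "
    r"for (?P<if1>[^:\s]+):(?P<addr1>[^/\s]+)/(?P<port1>\d+) "
    r"to (?P<if2>[^:\s]+):(?P<addr2>[^/\s]+)/(?P<port2>\d+) "
    r"duration (?P<dur>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
)

# Constructed sample input (documentation and private address ranges).
SAMPLE = """\
<166>May 20 2006 01:00:00 fw: %PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/52648 (198.51.100.1/54508)
<166>May 20 2006 01:00:01 fw: %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.0.0.5/52648 duration 0:00:01 bytes 1048576 TCP FINs
<166>May 20 2006 01:00:05 fw: %PIX-6-302014: Teardown TCP connection 102 for outside:192.0.2.11/443 to inside:10.0.0.5/52650 duration 0:00:03 bytes 2048 TCP FINs
<166>May 20 2006 01:00:09 fw: %PIX-6-302014: Teardown TCP connection 103 for outside:192.0.2.10/80 to inside:10.0.0.9/40000 duration 0:00:02 bytes 500 TCP Reset-I
""".splitlines()


def bytes_per_host(lines, interface="inside"):
    """Sum 302014 byte counts per address seen on `interface`."""
    totals = defaultdict(int)
    seen = set()  # exact lines already counted (relayed syslog can repeat)
    for line in lines:
        line = line.strip()
        m = TEARDOWN.search(line)
        if not m or line in seen:
            continue  # 302013 "Built" records and other messages carry no bytes
        seen.add(line)
        for side in ("1", "2"):
            if m["if" + side] == interface:
                totals[m["addr" + side]] += int(m["bytes"])
    return dict(totals)


if __name__ == "__main__":
    for host, total in sorted(bytes_per_host(SAMPLE).items()):
        print(f"{host}\t{total} bytes")
```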
ASKER
Hi,
If I execute 'show isakmp sa', I get only dst, src, state, pending, created and no info on traffic.
So the conclusion is we could not get VPN traffic through Cisco PIX logs, right?
thanks,
with regards,
Kumar