marceloNYC
asked on
PIX VPN users
I can't keep a log or view the users that are logged in to my PIX Firewall. I have a PIX 515E and want to view the users that are connected to the VPN network. I can see the IP connection, but I would like to see the users that I have in the configuration.
Here is some part of the configuration:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password pzUt4u85Fo2zCKM2 encrypted
passwd 577ue2UsN1E8CMPR encrypted
hostname xxxxx
domain-name xxxxxxx
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name xxxxxxxxxxx
name xxxxxxxx
pager lines 24
logging on
logging trap debugging
logging host inside xxxxxx
icmp permit any outside
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip audit info action alarm
ip audit attack action alarm
ip local pool xxxl xxxxxxxxx
pdm location xxxxxxxinside
pdm location xxxxxxxx inside
pdm location xxxxxx inside
pdm history enable
arp timeout 14400
global (outside) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp server 192.5.41.209 source outside prefer
http server enable
floodguard enable
sysopt connection permit-ipsec
vpngroup xxxxx address-pool xxxpool
vpngroup xxxxxx dns-server 198.6.100.38
vpngroup xxxxxx split-tunnel xxxxx
vpngroup xxxxxx pfs
vpngroup xxxxxx idle-time 1800
vpngroup xxxxxx password ********
vpdn enable outside
username whomever password 1JCYmrWawZrILp6y encrypted privilege 2 <---- THIS IS WHAT I WANT TO SEE IN THE PDM
username xxxxxxx password cauQEFEZEbPnOD0z encrypted privilege 2
username xxxxx password 577ue2UsN1E8CMPR encrypted privilege 2
terminal width 80
Cryptochecksum:78e70694fd71cf4b16760caa4a34bdcf
: end
P.S. I took a lot out from the actual configuration. Anyway, I hope that my question is explained well and understood.
ASKER CERTIFIED SOLUTION
Are the users prompted for a password (in addition to the group password) when they connect?
If they are then I would expect 'show uauth' to show the usernames who are logged in.
The system I am using uses a Radius server primarily so that I can issue different access lists to each individual user's VPN session.
'show uauth' does work for me with this configuration.
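'show uauth' only gives a point-in-time view. Since the posted config already sends syslog at the debugging level to an inside logging host, the persistent login record the asker wants can be built from those messages. The script below is an added example, not from this thread or from Cisco: it assumes the PIX 6.x 109005/109006 authentication message formats as recalled from the syslog reference, and the sample lines are constructed. It records each successful user authentication per source address and flags repeated failures from one source, which is the check a defender wants on an Internet-facing VPN endpoint.

```python
import re
from collections import defaultdict

# Constructed sample of PIX syslog lines as a logging host would receive them.
# The 109005/109006 formats are an assumption from the PIX 6.x syslog reference;
# usernames and addresses are made up for this example.
SAMPLE_SYSLOG = """\
Mar 10 09:01:12 pix %PIX-6-109005: Authentication succeeded for user 'whomever' from 203.0.113.7/0 to 192.0.2.1/0 on interface outside
Mar 10 09:02:40 pix %PIX-6-109006: Authentication failed for user 'whomever' from 203.0.113.9/0 to 192.0.2.1/0 on interface outside
Mar 10 09:02:55 pix %PIX-6-109006: Authentication failed for user 'whomever' from 203.0.113.9/0 to 192.0.2.1/0 on interface outside
Mar 10 09:03:30 pix %PIX-6-109005: Authentication succeeded for user 'alice' from 198.51.100.4/0 to 192.0.2.1/0 on interface outside
Mar 10 09:04:01 pix %PIX-6-302001: Built inbound TCP connection 12 for faddr 198.51.100.4/1025 gaddr 192.0.2.1/22 laddr 10.0.0.5/22
"""

# Matches only the two AAA authentication result messages; everything else is ignored.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+%PIX-\d-(?P<msgid>10900[56]): "
    r"Authentication (?P<result>succeeded|failed) for user '(?P<user>[^']+)' "
    r"from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/\d+ on interface (?P<iface>\w+)"
)


def parse_auth_events(text):
    """Return one dict per authentication success/failure line found in text."""
    return [m.groupdict() for line in text.splitlines() if (m := AUTH_RE.search(line))]


def summarize(events, fail_threshold=2):
    """Build the login record and a list of (user, src) pairs that failed repeatedly."""
    logins = {}                   # user -> [(timestamp, source address), ...]
    failures = defaultdict(int)   # (user, source address) -> failed attempts
    for e in events:
        if e["result"] == "succeeded":
            logins.setdefault(e["user"], []).append((e["ts"], e["src"]))
        else:
            failures[(e["user"], e["src"])] += 1
    alerts = [key for key, count in failures.items() if count >= fail_threshold]
    return logins, alerts


if __name__ == "__main__":
    logins, alerts = summarize(parse_auth_events(SAMPLE_SYSLOG))
    for user, sessions in logins.items():
        print(f"{user}: {len(sessions)} login(s), last from {sessions[-1][1]} at {sessions[-1][0]}")
    for user, src in alerts:
        print(f"ALERT: repeated failed authentication for '{user}' from {src}")
```

Point it at the file your syslog daemon writes for the PIX instead of SAMPLE_SYSLOG; note that the 109005 line only appears when the vpngroup is configured for user (xauth) authentication, which is the same condition the answer gives for 'show uauth' listing usernames.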