Solved

Cisco PIX 506e VPN logging

Posted on 2006-07-24
Last Modified: 2010-03-19
Dear Experts

We are using a Cisco PIX 506e firewall. I have set up a couple of VPN user accounts so that members of staff can VPN from home and carry out any work they need on the network.

Each user has a separate VPN username/password and then they authenticate again with their standard Active Directory username and password.

Can someone tell me if information such as what time they have VPN'd in is logged anywhere?

At the moment, the current settings in the PDM are

PDM>Configuration>Logging

Logging Setup:

Enable logging is checked

PDM Logging:

Level: Informational
Buffer: 100

Syslog:
Facility: Local4(20)
Level: Disabled

What changes do I need to make to extract the information I need?

Many thanks in advance.
0
Question by:Dilan77
6 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 17168858
You need to set up the syslog server and then enable the PIX logging onto it.

You can install Kiwi Syslog Server on any Windows machine.

Then you have to specify the IP address of the syslog server. After this, select the logging level on the PIX; it could be informational, debugging, etc. (Informational is more than enough.)

Now your PIX will log each and every thing on the syslog server. Remember to select logging mode using UDP and not TCP, as TCP mode is guaranteed mode and if it can't log to the syslog server, the PIX will not allow any packet to pass.
UDP is just for information.

You can check the syslog events to tell if someone has logged into your network using VPN.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17168878
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17174746
Thanks prashsax, I've set up the Kiwi Syslog server.

I'm not too sure how to filter the entries for just the VPN connections though. Do I need to check out the text file that it exports the data to and carry out a 'search' or is there a more straightforward way?

Thanks
Dilan
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17176098
You are right, you need to search for the entries of VPN authentication in the entire log file.

Or you can use some of the commercial Log Analyzer tools to read the log file.

One such tool is FireGen. Download the shareware copy of FireGen and then see if that helps.
0
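One way to run the log-file search described above, as an added example that is not part of the original thread: a Python filter that pulls authentication messages out of the syslog text file, lists login times per user and counts failed logins per source address. The line layout, the message IDs 109005/109006 and the sample lines are assumptions constructed for illustration; check them against the entries your own PIX writes.

```python
import re
from collections import Counter, namedtuple

# Assumption: IDs that mark user authentication; adjust to what your PIX logs.
AUTH_IDS = {"109005": "success", "109006": "failure"}
# Assumed layout: "<date> <time><TAB>...<TAB>%PIX-<severity>-<id>: <text>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
                     r"%PIX-\d-(?P<id>\d{6}): (?P<text>.*)$")
USER_RE = re.compile(r"user '(?P<user>[^']*)' from (?P<src>[\d.]+)/\d+")
Event = namedtuple("Event", "timestamp user source result")

def vpn_auth_events(lines):
    """Return an Event for every authentication message found in lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m or m.group("id") not in AUTH_IDS:
            continue  # not a PIX line, or not an authentication message
        u = USER_RE.search(m.group("text"))
        if u:  # skip lines whose text differs from the assumed wording
            events.append(Event(m.group("ts"), u.group("user"),
                                u.group("src"), AUTH_IDS[m.group("id")]))
    return events

def logins_by_user(events):
    """Map each username to the times of its successful logins."""
    times = {}
    for e in events:
        if e.result == "success":
            times.setdefault(e.user, []).append(e.timestamp)
    return times

def failed_sources(events, threshold=2):
    """Source addresses with at least `threshold` failed logins."""
    counts = Counter(e.source for e in events if e.result == "failure")
    return {src: n for src, n in counts.items() if n >= threshold}

# Constructed sample lines (not taken from a real device).
PREFIX = "\tLocal4.Info\t192.168.1.1\t%PIX-6-"
SUFFIX = " to 192.168.1.1/0 on interface outside"
SAMPLE_LOG = [
    "2006-07-25 08:58:11" + PREFIX + "302013: Built inbound TCP connection 1201",
    "2006-07-25 09:14:02" + PREFIX + "109005: Authentication succeeded for user 'jsmith' from 203.0.113.10/1045" + SUFFIX,
    "2006-07-25 09:20:40" + PREFIX + "109006: Authentication failed for user 'adavis' from 198.51.100.7/2210" + SUFFIX,
    "2006-07-25 09:20:55" + PREFIX + "109006: Authentication failed for user 'adavis' from 198.51.100.7/2214" + SUFFIX,
    "2006-07-25 18:02:30" + PREFIX + "109005: Authentication succeeded for user 'jsmith' from 203.0.113.10/1102" + SUFFIX,
]
if __name__ == "__main__":
    print(logins_by_user(vpn_auth_events(SAMPLE_LOG)))
```

To run it against a real file, pass the open file object to `vpn_auth_events` in place of `SAMPLE_LOG`.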
 
LVL 2

Author Comment

by:Dilan77
ID: 17184092
Excellent, thanks very much.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17184606
ThankQ.
0
