?
Solved

Cisco PIX 506e VPN logging

Posted on 2006-07-24
6
Medium Priority
?
488 Views
Last Modified: 2010-03-19
Dear Experts

We are using a Cisco PIX 506e firewall. I have set up a couple of VPN user accounts so that members of staff can VPN from home and carry out any work they need on the network.

Each user has a seperate VPN username/password and then they authenticate again with their standard Active Directory username and password.

Can someone tell me if information such as what time they have VPN'd in is logged anywhere?

At the moment, the current settings in the PDM are

PDM>Configuration>Logging

Logging Setup:

Enable logging is checked

PDM Logging:

Level: Informational
Buffer: 100

Syslog:
Facility: Local4(20)
Level: Disabled

What changes do I need to make to extract the information I need?

Many thanks in advance.
0
Comment
Question by:Dilan77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 2000 total points
ID: 17168858
You need to setup the syslog server and then enable the pix logging onto it.

You can install kiwi syslog server on any windows machine.

Then you have to spceify the IP address of the Syslog server. After this select the Logging level on pix, it could be informational, debugging etc. (Informational is more than enough)

Now, you pix will log each and every thing on the syslog server. Remember and select logging mode using UDP and not TCP. As TCP mode is guranteed mode and if it can't log on syslog , pix will not allow any packet to pass.
UDP is just for information.

You can check the syslog events to tell if someone has logged into your network using VPN.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17174746
Thanks prashsax, I've set up the Kiwi Syslog server.

I'm not too sure how to filter the entries for just the VPN connections though. Do I need to check out the text file that it exports the data to and carry out
a 'search' or is there a more straightforward way?

Thanks
Dilan
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 13

Expert Comment

by:prashsax
ID: 17176098
You are right, you need to search for the entries of VPN authentication in the entire log file.

Or you can use some of the commercial Log Analyzer tools to read the log file.

One such tool is FireGen. Download the shareware copy of FireGen and then see if that helps.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17184092
Excellent, thanks very much.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17184606
ThankQ.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question