Solved

Cisco PIX 506e VPN logging

Posted on 2006-07-24
6
477 Views
Last Modified: 2010-03-19
Dear Experts

We are using a Cisco PIX 506e firewall. I have set up a couple of VPN user accounts so that members of staff can VPN from home and carry out any work they need on the network.

Each user has a seperate VPN username/password and then they authenticate again with their standard Active Directory username and password.

Can someone tell me if information such as what time they have VPN'd in is logged anywhere?

At the moment, the current settings in the PDM are

PDM>Configuration>Logging

Logging Setup:

Enable logging is checked

PDM Logging:

Level: Informational
Buffer: 100

Syslog:
Facility: Local4(20)
Level: Disabled

What changes do I need to make to extract the information I need?

Many thanks in advance.
0
Comment
Question by:Dilan77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 17168858
You need to setup the syslog server and then enable the pix logging onto it.

You can install kiwi syslog server on any windows machine.

Then you have to spceify the IP address of the Syslog server. After this select the Logging level on pix, it could be informational, debugging etc. (Informational is more than enough)

Now, you pix will log each and every thing on the syslog server. Remember and select logging mode using UDP and not TCP. As TCP mode is guranteed mode and if it can't log on syslog , pix will not allow any packet to pass.
UDP is just for information.

You can check the syslog events to tell if someone has logged into your network using VPN.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17168878
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17174746
Thanks prashsax, I've set up the Kiwi Syslog server.

I'm not too sure how to filter the entries for just the VPN connections though. Do I need to check out the text file that it exports the data to and carry out
a 'search' or is there a more straightforward way?

Thanks
Dilan
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 13

Expert Comment

by:prashsax
ID: 17176098
You are right, you need to search for the entries of VPN authentication in the entire log file.

Or you can use some of the commercial Log Analyzer tools to read the log file.

One such tool is FireGen. Download the shareware copy of FireGen and then see if that helps.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17184092
Excellent, thanks very much.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17184606
ThankQ.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Simple Router Management, Subnets and VLANs e.g. RV0xx 7 68
HP network exams 3 56
Alot of sessions on a PC is generated 3 79
Can't access router with user and pass 10 74
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question