Solved

Cisco PIX 506e VPN logging

Posted on 2006-07-24
6
446 Views
Last Modified: 2010-03-19
Dear Experts

We are using a Cisco PIX 506e firewall. I have set up a couple of VPN user accounts so that members of staff can VPN from home and carry out any work they need on the network.

Each user has a seperate VPN username/password and then they authenticate again with their standard Active Directory username and password.

Can someone tell me if information such as what time they have VPN'd in is logged anywhere?

At the moment, the current settings in the PDM are

PDM>Configuration>Logging

Logging Setup:

Enable logging is checked

PDM Logging:

Level: Informational
Buffer: 100

Syslog:
Facility: Local4(20)
Level: Disabled

What changes do I need to make to extract the information I need?

Many thanks in advance.
0
Comment
Question by:Dilan77
  • 4
  • 2
6 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 17168858
You need to setup the syslog server and then enable the pix logging onto it.

You can install kiwi syslog server on any windows machine.

Then you have to spceify the IP address of the Syslog server. After this select the Logging level on pix, it could be informational, debugging etc. (Informational is more than enough)

Now, you pix will log each and every thing on the syslog server. Remember and select logging mode using UDP and not TCP. As TCP mode is guranteed mode and if it can't log on syslog , pix will not allow any packet to pass.
UDP is just for information.

You can check the syslog events to tell if someone has logged into your network using VPN.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17168878
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17174746
Thanks prashsax, I've set up the Kiwi Syslog server.

I'm not too sure how to filter the entries for just the VPN connections though. Do I need to check out the text file that it exports the data to and carry out
a 'search' or is there a more straightforward way?

Thanks
Dilan
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 13

Expert Comment

by:prashsax
ID: 17176098
You are right, you need to search for the entries of VPN authentication in the entire log file.

Or you can use some of the commercial Log Analyzer tools to read the log file.

One such tool is FireGen. Download the shareware copy of FireGen and then see if that helps.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17184092
Excellent, thanks very much.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17184606
ThankQ.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Squid Connection Pools 3 44
Looking for good easy switch for lab at home. 13 79
syslog id vs. msg 2 20
Cisco 1811W VLAN configuration problem 3 0
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now