Solved

What, if any, event ID is created on domain controller when a user logs off VPN?

Posted on 2010-08-31
4
473 Views
Last Modified: 2012-05-10
I am attempting to use our Network Monitoring program to send an email alert when a user is granted access to, denied access to, or logs off our VPN. I am able to filter out IAS 1 for access granted, IAS 2 for access denied, but am having issues finding anything for when a user logs off their VPN client.

We use CISCO Anytime connect VPN and I DON'T see any other IAS messages besides Event ID 1 and Event ID 1. Our domain controller is on Windows Server 2003.
0
Comment
Question by:kyates57
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 12

Accepted Solution

by:
Rant32 earned 500 total points
ID: 33571857
Unfortunately, you will not see the logoff events. The IAS messages you see are generated when the VPN client authenticates to your VPN access router/firewall. The VPN router forwards the credentials to AD via RADIUS. IAS is not involved when disconnecting.

If the monitoring program supports SNMP, you may be able to generate an SMTP trap when VPN logon/logoff occurs.
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33571871
Oh, the VPN router is the device that knows when the client disconnects, any traps or reports should come from there.
0
 

Author Comment

by:kyates57
ID: 33571873
Let me investigate, and if I find a solution, I will post it, else, I'll mark yours as the solution. Thanks for your time!
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33571882
Did I say SMTP trap? Been doing too much of that lately. That should be SNMP.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question