Solved

What, if any, event ID is created on domain controller when a user logs off VPN?

Posted on 2010-08-31
4
467 Views
Last Modified: 2012-05-10
I am attempting to use our Network Monitoring program to send an email alert when a user is granted access to, denied access to, or logs off our VPN. I am able to filter out IAS 1 for access granted, IAS 2 for access denied, but am having issues finding anything for when a user logs off their VPN client.

We use CISCO Anytime connect VPN and I DON'T see any other IAS messages besides Event ID 1 and Event ID 1. Our domain controller is on Windows Server 2003.
0
Comment
Question by:kyates57
  • 3
4 Comments
 
LVL 12

Accepted Solution

by:
Rant32 earned 500 total points
ID: 33571857
Unfortunately, you will not see the logoff events. The IAS messages you see are generated when the VPN client authenticates to your VPN access router/firewall. The VPN router forwards the credentials to AD via RADIUS. IAS is not involved when disconnecting.

If the monitoring program supports SNMP, you may be able to generate an SMTP trap when VPN logon/logoff occurs.
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33571871
Oh, the VPN router is the device that knows when the client disconnects, any traps or reports should come from there.
0
 

Author Comment

by:kyates57
ID: 33571873
Let me investigate, and if I find a solution, I will post it, else, I'll mark yours as the solution. Thanks for your time!
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33571882
Did I say SMTP trap? Been doing too much of that lately. That should be SNMP.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now