Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


What, if any, event ID is created on domain controller when a user logs off VPN?

Posted on 2010-08-31
Medium Priority
Last Modified: 2012-05-10
I am attempting to use our Network Monitoring program to send an email alert when a user is granted access to, denied access to, or logs off our VPN. I am able to filter out IAS 1 for access granted, IAS 2 for access denied, but am having issues finding anything for when a user logs off their VPN client.

We use CISCO Anytime connect VPN and I DON'T see any other IAS messages besides Event ID 1 and Event ID 1. Our domain controller is on Windows Server 2003.
Question by:kyates57
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 12

Accepted Solution

Rant32 earned 2000 total points
ID: 33571857
Unfortunately, you will not see the logoff events. The IAS messages you see are generated when the VPN client authenticates to your VPN access router/firewall. The VPN router forwards the credentials to AD via RADIUS. IAS is not involved when disconnecting.

If the monitoring program supports SNMP, you may be able to generate an SMTP trap when VPN logon/logoff occurs.
LVL 12

Expert Comment

ID: 33571871
Oh, the VPN router is the device that knows when the client disconnects, any traps or reports should come from there.

Author Comment

ID: 33571873
Let me investigate, and if I find a solution, I will post it, else, I'll mark yours as the solution. Thanks for your time!
LVL 12

Expert Comment

ID: 33571882
Did I say SMTP trap? Been doing too much of that lately. That should be SNMP.

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question