• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 553
  • Last Modified:

ASA Employee VPN Monitoring

I have two questions regarding a Cisco ASA and VPN Monitoring

1.  There are a lot of employees whom have VPN credentials.  Is there a way for me to find out when the last time their credentials were used?

2.  Is there a way to receive an email alert each time an employee makes a VPN connection using AnyConnect? If yes, can their user name be included in the email?
0
deklinm
Asked:
deklinm
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
Are you logging authentications, or using an external back-end auth server such as ACS?  That's about the only way I'm aware of you can track when someone last authenticated.  I don't know of a way of generating the e-mail right out of the ASA.  Again, I think you would need some kind of management platform to provide that functionality.
0
 
ValmarkCommented:
The ASA supports AAA and can use RADIUS and TACACS+ for accounting functions.  Receiving email alerts will depend on what implementation of the above you choose to use.

0
 
deklinmAuthor Commented:
I am using Active Directory for authentiation
0
 
JorisFRSTCommented:
Use kiwi syslog to catch your logs, even the free version has Conditional e-mail alerting

add : logging class vpn trap informational

so it will send informational logging for vpn connections, including the username.

Build email filters in kiwi syslog.

http://www.kiwisyslog.com/kiwi-syslog-server-compare-versions/

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now