Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5795
  • Last Modified:

Cisco Anyconnect vpn access logging

We use the Cisco AnyConnect client for remote user access.  how do i enable vpn access logging that i can easily report on for up to 1 year.

thanks

phil
0
philipfarnes
Asked:
philipfarnes
  • 4
  • 4
1 Solution
 
Jody LemoineNetwork ArchitectCommented:
In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
0
 
philipfarnesAuthor Commented:
its an asa

thanks

phil
0
 
Jody LemoineNetwork ArchitectCommented:
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
1
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
philipfarnesAuthor Commented:
we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.

will the above command apply?

also,

if users have issues connecting, how can i log that data?
0
 
Jody LemoineNetwork ArchitectCommented:
If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
0
 
philipfarnesAuthor Commented:
ok great!  and how do i configure the asa to talk to the syslog server.

also i was considering using the kiwi syslog server

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx

is that any good compared to your recommendation?

thanks

phil
0
 
Jody LemoineNetwork ArchitectCommented:
Configuring the ASA for syslog isn't complicated, but the configuration varies depending on what you want to do.  There's a very good configuration example that should help you out here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

They syslog servers are comparable.  The open-source one has a feature or two (message forwarding, for example) that you don't get with Kiwi unless you upgrade to the licensed product, but there's nothing wrong with Kiwi as Windows syslog servers go.
0
 
philipfarnesAuthor Commented:
very helpful , fast responses!! thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now