Solved

Cisco Anyconnect vpn access logging

Posted on 2012-04-02
8
4,000 Views
Last Modified: 2012-06-21
We use the Cisco AnyConnect client for remote user access.  how do i enable vpn access logging that i can easily report on for up to 1 year.

thanks

phil
0
Comment
Question by:philipfarnes
  • 4
  • 4
8 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37800399
In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
0
 

Author Comment

by:philipfarnes
ID: 37803641
its an asa

thanks

phil
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803671
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
1
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:philipfarnes
ID: 37803697
we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.

will the above command apply?

also,

if users have issues connecting, how can i log that data?
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803712
If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
0
 

Author Comment

by:philipfarnes
ID: 37803762
ok great!  and how do i configure the asa to talk to the syslog server.

also i was considering using the kiwi syslog server

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx

is that any good compared to your recommendation?

thanks

phil
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 37803776
Configuring the ASA for syslog isn't complicated, but the configuration varies depending on what you want to do.  There's a very good configuration example that should help you out here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

They syslog servers are comparable.  The open-source one has a feature or two (message forwarding, for example) that you don't get with Kiwi unless you upgrade to the licensed product, but there's nothing wrong with Kiwi as Windows syslog servers go.
0
 

Author Closing Comment

by:philipfarnes
ID: 37803837
very helpful , fast responses!! thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Poll Active Directory user information 11 63
Palo Alto site-to-site vpn monitoring 5 46
Change SSH password on Cisco 4331 ISR 4 25
Cisco Switch slow_Faulty Link 7 11
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question