Solved

Cisco Anyconnect vpn access logging

Posted on 2012-04-02
8
3,836 Views
Last Modified: 2012-06-21
We use the Cisco AnyConnect client for remote user access. How do I enable VPN access logging that I can easily report on for up to 1 year?

thanks

phil
0
Question by:philipfarnes
8 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37800399
In order to get detailed access logs for AnyConnect for that kind of period, you're going to have to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
0
 

Author Comment

by:philipfarnes
ID: 37803641
It's an ASA.

thanks

phil
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803671
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
1
 

Author Comment

by:philipfarnes
ID: 37803697
We have 2 Microsoft Internet Authentication Service servers acting as the RADIUS servers.

Will the above command apply?

Also, if users have issues connecting, how can I log that data?
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803712
If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
0
 

Author Comment

by:philipfarnes
ID: 37803762
OK, great! And how do I configure the ASA to talk to the syslog server?

Also, I was considering using the Kiwi syslog server:

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx

Is that any good compared to your recommendation?

thanks

phil
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 37803776
Configuring the ASA for syslog isn't complicated, but the configuration varies depending on what you want to do.  There's a very good configuration example that should help you out here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

The syslog servers are comparable.  The open-source one has a feature or two (message forwarding, for example) that you don't get with Kiwi unless you upgrade to the licensed product, but there's nothing wrong with Kiwi as Windows syslog servers go.
0
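
Once the ASA is sending syslog to a server, the "easily report on" part of the question comes down to parsing the stored lines. The following is an added example, not part of the original thread: it builds a per-user VPN usage and failed-login report from ASA messages 113019 (session disconnected) and 113005 (AAA authentication rejected). The message IDs are not mentioned in the thread, the sample lines are constructed, and the line prefix and the optional day field in the duration are assumptions that depend on your syslog server and ASA version.

```python
import re
from collections import defaultdict

# Constructed sample lines (invented hosts, users and addresses); the prefix before
# "%ASA-" is whatever your syslog server writes and is ignored by the parser.
SAMPLE = """\
Apr 03 2012 08:01:12 asa1 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jdoe
Apr 03 2012 09:17:10 asa1 : %ASA-4-113019: Group = RemoteUsers, Username = jdoe, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 1h:15m:30s, Bytes xmt: 1048576, Bytes rcv: 524288, Reason: User Requested
Apr 03 2012 09:20:00 asa1 : %ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.7/51000 (198.51.100.7/51000) to inside:10.0.0.5/443 (10.0.0.5/443)
Apr 04 2012 10:00:10 asa1 : %ASA-4-113019: Group = RemoteUsers, Username = asmith, IP = 203.0.113.9, Session disconnected. Session Type: SSL, Duration: 1d 0h:00m:10s, Bytes xmt: 10, Bytes rcv: 20, Reason: Idle Timeout
Apr 04 2012 11:00:00 asa1 : %ASA-4-113019: Group = RemoteUsers, Username = jdoe, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 0h:00m:30s, Bytes xmt: 100, Bytes rcv: 200, Reason: User Requested
""".splitlines()

# 113019: one line per finished VPN session, with duration and byte counts.
DISCONNECT = re.compile(
    r"%ASA-4-113019: Group = (?P<group>[^,]*), Username = (?P<user>[^,]*), "
    r"IP = (?P<ip>[^,]*), Session disconnected\. Session Type: (?P<type>[^,]*), "
    r"Duration: (?P<dur>[^,]*), Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), "
    r"Reason: (?P<reason>.*)"
)
# 113005: a rejected authentication attempt (users who "have issues connecting").
REJECTED = re.compile(
    r"%ASA-6-113005: AAA user authentication Rejected : reason = (?P<reason>.*?)"
    r" : server = (?P<server>\S+) : user = (?P<user>\S+)"
)
DURATION = re.compile(r"(?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s")

def duration_seconds(text):
    """Convert '1d 2h:03m:04s' or '0h:00m:11s' to seconds; 0 if unparseable."""
    m = DURATION.fullmatch(text.strip())
    if not m:
        return 0
    d, h, mi, s = (int(x or 0) for x in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def summarize(lines):
    """Return {username: totals} for completed sessions and rejected logins."""
    report = defaultdict(lambda: {"sessions": 0, "seconds": 0,
                                  "bytes_xmt": 0, "bytes_rcv": 0, "rejected": 0})
    for line in lines:
        if (m := DISCONNECT.search(line)):
            row = report[m["user"]]
            row["sessions"] += 1
            row["seconds"] += duration_seconds(m["dur"])
            row["bytes_xmt"] += int(m["xmt"])
            row["bytes_rcv"] += int(m["rcv"])
        elif (m := REJECTED.search(line)):
            report[m["user"]]["rejected"] += 1
    return dict(report)
```

For a one-year report, run `summarize()` over the syslog server's archived files and make sure its retention or rotation settings keep at least 12 months of data.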
 

Author Closing Comment

by:philipfarnes
ID: 37803837
Very helpful, fast responses!! Thanks
0
