?
Solved

Cisco Anyconnect vpn access logging

Posted on 2012-04-02
8
Medium Priority
?
4,739 Views
Last Modified: 2012-06-21
We use the Cisco AnyConnect client for remote user access.  how do i enable vpn access logging that i can easily report on for up to 1 year.

thanks

phil
0
Comment
Question by:philipfarnes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37800399
In order to get detailed access logs for AnyConnect for that kind of period, you're going to haver to send accounting data to an external server. If you're already authenticating with a RADIUS server, you can add an accounting entry to your AnyConnect context and have all the data you require for as long as needed. Let me know which platform (ASA or ISR) you're using if you need help with the syntax for setting this up.
0
 

Author Comment

by:philipfarnes
ID: 37803641
its an asa

thanks

phil
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803671
Assuming that you're already using RADIUS to authenticate against an external server (which is required if you're wanting to use RADIUS accounting) and that you're using the default RADIUS AAA group, you can add accounting capability by adding the following to the ASA's configuration:

aaa accounting enable console RADIUS

If you're using a different AAA group, replace RADIUS in the above command with the group name that you're using.

If you don't have RADIUS authentication set up at all, we'll have to go back a few steps. :)
1
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:philipfarnes
ID: 37803697
we have 2 Microsoft Internet Authentication Service servers acting as the radius servers.

will the above command apply?

also,

if users have issues connecting, how can i log that data?
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37803712
If the IAS services are set up using the RADIUS group, definitely.

This only logs connection/disconnection times, data transfer, &c.  If you want detailed logs from the ASA itself, documenting its own functions, you'll need to set up a syslog server to capture this.

There's a free and open-source one available here: http://syslog-win32.sourceforge.net/
0
 

Author Comment

by:philipfarnes
ID: 37803762
ok great!  and how do i configure the asa to talk to the syslog server.

also i was considering using the kiwi syslog server

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx

is that any good compared to your recommendation?

thanks

phil
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 37803776
Configuring the ASA for syslog isn't complicated, but the configuration varies depending on what you want to do.  There's a very good configuration example that should help you out here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

They syslog servers are comparable.  The open-source one has a feature or two (message forwarding, for example) that you don't get with Kiwi unless you upgrade to the licensed product, but there's nothing wrong with Kiwi as Windows syslog servers go.
0
 

Author Closing Comment

by:philipfarnes
ID: 37803837
very helpful , fast responses!! thanks
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question