Solved

Cisco ASA alert on VPN

Posted on 2013-05-22
4
1,459 Views
Last Modified: 2013-06-06
Hello,

I'm trying to set up an alert on successful VPN login attempts on my ASA 5520. I've not gotten far.

I have Clientless SSL VPN access enabled and working. I see the syslog events when someone logs in and out of the VPN.

How can I set up an email alert to be sent to me when this happens? I have alerts coming to me for critical events and I'd like to add this to my list.

Thank you.
Question by:netcmh
4 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39189733
Below are the commands I used to send email alerts when the primary default route failed (triggered via SLA). I found the syslog error ID (622001) and changed the level to error, created a logging group with that message, and tied that group to the logging mail commands. You would just need to change this to the syslog error ID(s) that you see during logon/logoff. You may need to add an exception on your email server to allow the ASA to send the email.


logging enable
logging list InternetSLA message 622001
logging console errors
logging buffered informational
logging asdm informational
logging mail InternetSLA
logging from-address ASAFIREWALL@company.com
logging recipient-address chris@company.com level errors
logging message 622001 level errors

sla monitor 1
type echo protocol ipIcmpEcho x.x.x.5 interface outside
sla monitor schedule 1 life forever start-time now

smtp-server 172.20.0.10
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190664
 
LVL 20

Author Comment

by:netcmh
ID: 39190765
So, I already have alerts coming to me on critical events.

What I need is the ability to track VPN logins, in addition to the existing:

logging enable
logging timestamp
logging asdm-buffer-size 500
logging console errors
logging monitor debugging
logging buffered warnings
logging trap notifications
logging asdm warnings
logging mail alerts
logging from-address CiscoASA@mycompany.com
logging recipient-address admin@mycompany.com level errors
logging host inside NetAdminPC
logging class vpn trap informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 505013
no logging message 505015
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

How do I proceed?

Thanks
 
LVL 20

Accepted Solution

by: rauenpc (earned 500 total points)
ID: 39191517
You have logging mail set to alerts. A VPN login is more than likely classified as informational versus an alert. Capture the logon/logoff messages in the syslog, and the message will include the message ID number. Then you can manually change the level of that syslog entry to alert and it will be included in the email.

Let's say the syslog ID is 99989

logging message 99989 level alerts

would change the level of that entry and qualify it for your syslog email.
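The accepted answer's reasoning, as an added worked example that is not part of the thread: the ASA only mails a message whose severity number is at or below the level set by "logging mail <level>", so an informational (6) VPN message never reaches a mail destination set to alerts (1) until its level is overridden with "logging message <id> level <level>". The script below parses ASA syslog lines, finds the message IDs that report a WebVPN session starting or ending, checks them against the asker's logging configuration (the "no logging message" and "logging message ... level" lines included), and prints the override commands still needed. The sample syslog lines are constructed; the IDs 716001 and 716002 in them are Cisco's "WebVPN session started/terminated" messages, but as rauenpc says, take the IDs from your own syslog rather than trusting a list. Function names are this example's own.

```python
import re

# Cisco syslog severity names -> numeric level (lower number = more severe).
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}
LEVEL_NAME = {v: k for k, v in SEVERITY.items()}

# ASA syslog line: %ASA-<severity>-<6-digit message id>: <text>
SYSLOG_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}):\s*(?P<text>.*)")

# Constructed syslog sample. 716001/716002 are Cisco's "WebVPN session
# started/terminated" messages; group, user and addresses are made up.
SAMPLE_SYSLOG = """\
%ASA-6-716001: Group <SSLClientProfile> User <jdoe> IP <198.51.100.7> WebVPN session started.
%ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/51515 (198.51.100.7/51515) to inside:10.0.0.5/443 (10.0.0.5/443)
%ASA-6-716002: Group <SSLClientProfile> User <jdoe> IP <198.51.100.7> WebVPN session terminated: User Requested.
%ASA-3-313001: Denied ICMP type=8, code=0 from 203.0.113.9 on interface outside
"""

# Abbreviated copy of the asker's logging configuration from this thread.
ASKER_CONFIG = """\
logging enable
logging buffered warnings
logging trap notifications
logging mail alerts
logging class vpn trap informational
no logging message 302013
"""


def parse_syslog(text):
    """Return (severity, message_id, text) for every ASA syslog line."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line.strip())
        if m:
            events.append((int(m.group("sev")), m.group("id"), m.group("text")))
    return events


def mail_level(config):
    """Numeric level from 'logging mail <level>'; None if mail uses an event list or is absent."""
    for line in config.splitlines():
        m = re.match(r"\s*logging mail (\S+)\s*$", line)
        if m and m.group(1) in SEVERITY:
            return SEVERITY[m.group(1)]
    return None


def effective_severity(config, native_sev, message_id):
    """Severity after any 'logging message <id> level <x>' override; None if the message is disabled."""
    sev = native_sev
    for line in config.splitlines():
        if re.match(rf"\s*no logging message {message_id}\s*$", line):
            return None
        m = re.match(rf"\s*logging message {message_id} level (\S+)", line)
        if m and m.group(1) in SEVERITY:
            sev = SEVERITY[m.group(1)]
    return sev


def would_be_mailed(config, native_sev, message_id):
    """True if the message passes the 'logging mail' severity filter under this config."""
    level = mail_level(config)
    sev = effective_severity(config, native_sev, message_id)
    return level is not None and sev is not None and sev <= level


def vpn_session_ids(events, keyword="WebVPN session"):
    """Message IDs whose text reports a WebVPN session start or stop."""
    return sorted({mid for _, mid, text in events if keyword in text})


def overrides_for_mail(config, events):
    """'logging message ... level ...' commands needed so VPN session events reach the mail destination."""
    level = mail_level(config)
    if level is None:
        return []
    cmds = []
    for mid in vpn_session_ids(events):
        native = next(sev for sev, i, _ in events if i == mid)
        if not would_be_mailed(config, native, mid):
            cmds.append(f"logging message {mid} level {LEVEL_NAME[level]}")
    return cmds


if __name__ == "__main__":
    for cmd in overrides_for_mail(ASKER_CONFIG, parse_syslog(SAMPLE_SYSLOG)):
        print(cmd)
```

Run against the asker's configuration, the script reports that both session messages need "logging message <id> level alerts". The "logging class vpn trap informational" line in that configuration raises the VPN class only for the trap (syslog host) destination, which is why the logins show up in syslog but never in mail; the per-message override applies to every destination, so after adding it the same messages also land in the buffer and ASDM views at alert severity.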
