
Cisco ASA 5510 AnyConnect VPN - Syslog

Hi - I want to capture the initial tunnel build-up of the VPN in syslog when users connect via the Cisco AnyConnect client.

What group/class or message IDs do I need to enable in logging if I need to see the following:

User's ISP address when they initiate the VPN session
The internal IP assigned to them upon successful connection
User login (failed or pass)
DHCP assignment, etc.

At present we have level 6 logging enabled (i.e. informational level).

Change syslog to debug
debug crypto ipsec
adam_kan2000 (Author) Commented:
But you cannot enable debugging in a production level... is that correct?
I mean, you cannot enable level 7?
You absolutely can enable debug logging in production without impact.  Where you need to be careful is with the debug statements you enter.  'Debug all' will kill most boxes, while 'debug crypto ipsec' is something routinely used in production to troubleshoot VPN connectivity.  Or you may want to try 'debug crypto vpnclient' to see if that gives more concise/relevant info.

Unless you expect thousands of VPN connection initiations per second, you should see only minimal impact to CPU.
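
An added example, not part of the original thread: a small parser for three ASA messages that carry the fields asked about (113004 and 113005 for login pass/fail, 722051 for the client's public IP and the assigned internal address). The sample lines are constructed, and the message layouts are assumptions based on Cisco's documented formats, which vary between ASA releases.

```python
import re

HEADER = re.compile(r"%ASA-(?P<level>\d)-(?P<msg_id>\d{6}): (?P<body>.*)")

# Assumed body layouts (Cisco's documented formats; verify against your own
# logs, since fields differ between ASA releases).
BODY = {
    "113004": ("login_ok", re.compile(
        r"Successful : server =\s*(?P<server>\S+) : user = (?P<user>\S+)")),
    "113005": ("login_failed", re.compile(
        r"Rejected : reason = (?P<reason>.+?) : server =\s*(?P<server>\S+)"
        r" : user = (?P<user>\S+)(?: : user IP = (?P<public_ip>\S+))?")),
    "722051": ("address_assigned", re.compile(
        r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<public_ip>[^>]*)>"
        r" (?:IPv4 )?Address <(?P<assigned_ip>[^>]*)>")),
}

# Constructed sample lines (documentation address ranges, made-up names).
SAMPLE = [
    "Jan 10 09:15:01 asa01 %ASA-6-113004: AAA user authentication Successful : server =  10.1.1.5 : user = jdoe",
    "Jan 10 09:15:03 asa01 %ASA-4-722051: Group <GP_VPN> User <jdoe> IP <203.0.113.10> IPv4 Address <10.10.10.5> IPv6 address <::> assigned to session",
    "Jan 10 09:16:40 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.1.1.5 : user = asmith : user IP = 198.51.100.7",
    "Jan 10 09:17:02 asa01 %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.7/5000 (198.51.100.7/5000) to inside:10.0.0.1/443 (10.0.0.1/443)",
]

def parse_asa_line(line):
    """Return a dict for a recognised VPN login message, else None."""
    header = HEADER.search(line)
    if not header or header["msg_id"] not in BODY:
        return None  # not one of the messages we track
    event, pattern = BODY[header["msg_id"]]
    fields = pattern.search(header["body"].strip())
    if not fields:
        # Known ID but unexpected layout: report it rather than guess.
        return {"event": "unparsed", "msg_id": header["msg_id"]}
    record = {"event": event, "msg_id": header["msg_id"],
              "level": int(header["level"])}
    record.update({k: v for k, v in fields.groupdict().items() if v is not None})
    return record

if __name__ == "__main__":
    for line in SAMPLE:
        parsed = parse_asa_line(line)
        if parsed:
            print(parsed)
```

All three messages are at severity 6 or lower in these samples, so they would be emitted with the level 6 logging already enabled in the question.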