Solved

View log of client VPN connections and disconnections from a Cisco ASA in Solarwinds

Posted on 2014-12-19
Last Modified: 2016-07-17
I need to log start and stop times for all client vpn connections that terminate on a Cisco ASA 5510.  I currently use Solarwinds for Syslog and Netflow data, but I'm not exactly sure how to extract and view VPN only data in Solarwinds.

Any ideas?
Question by:tballin
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40510741
I was thinking this may be of relevance and help, which uses Orion Universal Device Poller to monitor with NPM. Separately, Cisco has SNMP Object Navigator. The OID in the CISCO-IPSEC-FLOW-MONITOR-MIB can reflect a couple of fields which reflect the current number of active tunnels, start and stop of tunnel in phase 1/2 and also the remote peer IP address. The navigator lists out what the OID represents. There is also discussion on monitoring the SSL VPN; you can check out the steps shared to configure UnDP and view using "Custom Object Resource" (though it did not state the specific OID we are interested in for start/end).

Also from Cisco ASA, you can check out this which stated via console issuing "show vpn-sessiondb l2l" (example stated particular peer of interest) and also via ASDM to check the Monitoring section on the VPN information where you will select Site to Site VPN / L2L VPN. This should show the list of L2L VPN connections possibly active on the ASA. But do note the below pertaining to the console instructions based on the client connection that is of interest.

sh vpn-sessiondb remote (IPSec Remote VPN Clients)
sh vpn-sessiondb l2l (L2L Tunnels)
sh vpn-sessiondb svc (SSL VPN / Anyconnect Clients)
 
LVL 64

Expert Comment

by:btan
ID: 41714990
Specifically in Solarwinds, my previous post leads to showing the list of VPNs.
Go to Orion Universal Device Poller.  Add a new sensor and use OID 1.3.6.1.4.1.9.9.392.1.3.35.0.  Make sure your MIB Value Type is Raw Value, Format is None, and SNMP Get Type is GET.  At that point, add your firewalls of interest to the poller.
Go to your Solarwinds view of interest and add a "Custom Object Resource".  Give it your title, choose your node, and for Select object resource, I chose Universal Device Poller - Linear Gauge.  Set your gauge maximum value to the maximum number of SSL-VPNs you have licensed.  Set your style of gauge and off you go.  It will now be part of your view.
 
The gauge will show you both your number of SSL-VPN users graphically on the gauge as well as a number of your currently logged in SSL-VPN users.
See the last post: https://thwack.solarwinds.com/thread/51594

For more details, there are some ways to get this to work:

1. Create a node with the VPN IP address and ICMP poll against that address for up/down stats.
2. Set up SNMP trap alerting; the VPN device will trap on a tunnel going down, and you could use the trap viewer to generate an email based on the trap from within NPM.
3. Or you use the Universal Device Poller to monitor these in NPM with the info below:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.171
https://thwack.solarwinds.com/thread/63370
 
LVL 64

Expert Comment

by:btan
ID: 41714994
For consideration
ID: 40510741
ID: 41714990
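
Added example, not part of any post in this thread: the question asks for per-session start and stop times, and the syslog feed the ASA already sends to the collector can supply them by pairing the "session started" and "session disconnected" messages. The sketch assumes the ASA logs message IDs 113039 and 113019 with `logging timestamp` enabled and in the layout of the constructed sample lines below; the hostname, group, users and addresses are made up.

```python
import re
from datetime import datetime

# Constructed sample syslog (not from the page): documentation-range IPs and
# made-up users, laid out like ASA messages 113039 (AnyConnect parent session
# started) and 113019 (session disconnected). The 302013 line is noise.
SAMPLE = """\
Dec 19 2014 08:01:12 asa5510 : %ASA-6-113039: Group <RA-VPN> User <alice> IP <198.51.100.7> AnyConnect parent session started.
Dec 19 2014 08:03:40 asa5510 : %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/50112 (198.51.100.7/50112) to inside:10.0.0.5/443 (10.0.0.5/443)
Dec 19 2014 08:15:02 asa5510 : %ASA-6-113039: Group <RA-VPN> User <bob> IP <203.0.113.20> AnyConnect parent session started.
Dec 19 2014 09:31:45 asa5510 : %ASA-4-113019: Group = RA-VPN, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 1h:30m:33s, Bytes xmt: 1048576, Bytes rcv: 524288, Reason: User Requested
Dec 19 2014 09:40:00 asa5510 : %ASA-4-113019: Group = RA-VPN, Username = carol, IP = 192.0.2.44, Session disconnected. Session Type: IKEv1, Duration: 0h:12m:00s, Bytes xmt: 100, Bytes rcv: 200, Reason: Idle Timeout
"""

TS = r"(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d)"
# Angle brackets around the values are optional so both layouts match.
START = re.compile(TS + r".*%ASA-\d-113039: Group <?(?P<group>[^<>]+?)>? "
                   r"User <?(?P<user>[^<>]+?)>? IP <?(?P<ip>[\d.]+)>? ")
STOP = re.compile(TS + r".*%ASA-\d-113019: Group = (?P<group>[^,]+), "
                  r"Username = (?P<user>[^,]+), IP = (?P<ip>[\d.]+), "
                  r"Session disconnected\. Session Type: (?P<type>[^,]+), "
                  r"Duration: (?P<dur>[^,]+),.*Reason: (?P<reason>.+)$")

def _ts(text):
    return datetime.strptime(text, "%b %d %Y %H:%M:%S")

def vpn_sessions(lines):
    """Pair start/stop messages per (user, peer IP) into session records."""
    pending, sessions = {}, []
    for line in lines:
        if (m := START.search(line)):
            pending[(m["user"], m["ip"])] = _ts(m["ts"])
        elif (m := STOP.search(line)):
            # start is None when the session began before this log window
            start = pending.pop((m["user"], m["ip"]), None)
            sessions.append({"user": m["user"], "ip": m["ip"], "start": start,
                             "stop": _ts(m["ts"]), "type": m["type"],
                             "duration": m["dur"], "reason": m["reason"]})
    # Anything left in pending is still connected at the end of the log.
    for (user, ip), start in pending.items():
        sessions.append({"user": user, "ip": ip, "start": start, "stop": None,
                         "type": None, "duration": None, "reason": None})
    return sessions

if __name__ == "__main__":
    for s in vpn_sessions(SAMPLE.splitlines()):
        print(s["user"], s["ip"], s["start"], s["stop"], s["reason"])
```

The same two message IDs can serve as the filter terms in the syslog viewer, so that only VPN session events are displayed.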