View log of client VPN connections and disconnections from a Cisco ASA in Solarwinds

Posted on 2014-12-19
Last Modified: 2016-07-17
I need to log start and stop times for all client vpn connections that terminate on a Cisco ASA 5510.  I currently use Solarwinds for Syslog and Netflow data, but I'm not exactly sure how to extract and view VPN only data in Solarwinds.

Any ideas?
Question by:tballin

Accepted Solution

by: btan (earned 500 total points)
ID: 40510741
I was thinking this may be of relevance and help, which uses Orion Universal Device Poller to monitor with NPM. Separately, Cisco has the SNMP Object Navigator. The OIDs in the CISCO-IPSEC-FLOW-MONITOR-MIB can reflect a couple of fields which reflect the current number of active tunnels, the start and stop of tunnels in phase 1/2, and also the remote peer IP address. The navigator lists what each OID represents. There is also discussion on monitoring the SSL VPN; you can check out the steps shared to configure UnDP and view using "Custom Object Resource" (though it did not state the specific OID we are interested in for start/end).

Also from the Cisco ASA, you can check out this, which stated to do it via console by issuing "show vpn-sessiondb l2l" (the example stated a particular peer of interest) and also via ASDM, checking the Monitoring section on the VPN information, where you will select Site to Site VPN / L2L VPN. This should show the list of L2L VPN connections possibly active on the ASA. But do note the below pertaining to the console instructions, based on the client connection that is of interest.

sh vpn-sessiondb remote (IPSec Remote VPN Clients)
sh vpn-sessiondb l2l (L2L Tunnels)
sh vpn-sessiondb svc (SSL VPN / Anyconnect Clients)

Expert Comment

by:btan
ID: 41714990
Specifically in SolarWinds, my previous post leads to showing the list of VPNs.
Go to Orion Universal Device Poller. Add a new sensor and use OID 1.3.6.1.4.1.9.9.392.1.3.35.0. Make sure your MIB Value Type is Raw Value, Format is None, and SNMP Get Type is GET. At that point, add your firewalls of interest to the poller.
Go to your SolarWinds view of interest and add a "Custom Object Resource". Give it your title, choose your node, and for Select object resource, I chose Universal Device Poller - Linear Gauge. Set your gauge maximum value to the maximum number of SSL-VPNs you have licensed. Set your style of gauge and off you go. It will now be part of your view.

The gauge will show you both your number of SSL-VPN users graphically on the gauge as well as a number of your currently logged in SSL-VPN users.
See the last post: https://thwack.solarwinds.com/thread/51594

For more details, there are some ways to get this to work:

1. Create a node with the VPN IP address and ICMP poll against that address for up/down stats.
2. Set up SNMP Trap alerting; the VPN device will trap on a tunnel going down, and you could use the trap viewer to generate an email based on the trap from within NPM.
3. Or you use the Universal Device Poller to monitor these in NPM with the info below:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.171
https://thwack.solarwinds.com/thread/63370

Expert Comment

by:btan
ID: 41714994
For consideration
ID: 40510741
ID: 41714990
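
For the syslog side of the question, the following added example (not from any poster in this thread, and not SolarWinds or Cisco code) turns ASA VPN session messages into one start/stop record per session. It assumes the ASA logs message 113039 when an AnyConnect parent session starts and 113019 on disconnect with a Duration field, in the layouts shown; the sample lines, hostname, group and user names are constructed, and the `year` parameter is a hypothetical addition because the syslog header carries no year.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, as a syslog collector might store them (assumed layout).
SAMPLE = """\
Dec 19 08:01:12 asa5510 %ASA-6-113039: Group <RA-Policy> User <alice> IP <203.0.113.10> AnyConnect parent session started.
Dec 19 08:05:40 asa5510 %ASA-6-302013: Built inbound TCP connection 991 for outside:203.0.113.10/51000 to inside:10.0.0.5/443
Dec 19 09:31:12 asa5510 %ASA-4-113019: Group = RA-Policy, Username = alice, IP = 203.0.113.10, Session disconnected. Session Type: SSL, Duration: 1h:30m:00s, Bytes xmt: 1200, Bytes rcv: 3400, Reason: User Requested
Dec 19 10:00:00 asa5510 %ASA-4-113019: Group = RA-Policy, Username = bob, IP = 198.51.100.7, Session disconnected. Session Type: IKEv1, Duration: 0h:45m:10s, Bytes xmt: 10, Bytes rcv: 20, Reason: Idle Timeout
"""

HDR = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ %ASA-\d-(\d{6}): (.*)$")
START = re.compile(r"Group <?([^>\s]+)>? User <?([^>\s]+)>? IP <?([^>\s]+)>? "
                   r"AnyConnect parent session started")
STOP = re.compile(r"Group = (.+?), Username = (.+?), IP = (\S+), Session disconnected\. "
                  r"Session Type: (.+?), Duration: (?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s,"
                  r".* Reason: (.*)$")

def vpn_sessions(text, year=2014):
    """Return one dict per finished VPN session; all non-VPN messages are skipped."""
    open_sessions, sessions = {}, []
    for line in text.splitlines():
        m = HDR.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "113039" and (s := START.search(body)):
            open_sessions[(s.group(2), s.group(3))] = when      # key: (user, peer IP)
        elif msg_id == "113019" and (s := STOP.search(body)):
            user, ip = s.group(2), s.group(3)
            d, h, mi, sec = (int(x or 0) for x in s.group(5, 6, 7, 8))
            derived = when - timedelta(days=d, hours=h, minutes=mi, seconds=sec)
            start = open_sessions.pop((user, ip), None)
            sessions.append({"user": user, "ip": ip, "type": s.group(4),
                             "start": start or derived, "stop": when,
                             # where the start time came from: start message or Duration
                             "start_source": "113039" if start else "duration",
                             "reason": s.group(9)})
    return sessions

if __name__ == "__main__":
    for s in vpn_sessions(SAMPLE):
        print(s["user"], s["ip"], s["type"], s["start"], s["stop"], s["reason"])
```

When no start message was seen for a session, the start time is computed from the disconnect timestamp minus the Duration field, and `start_source` records which of the two was used.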