Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

View log of client VPN connections and disconnections from a Cisco ASA in Solarwinds

Posted on 2014-12-19
5
Medium Priority
?
273 Views
Last Modified: 2016-07-17
I need to log start and stop times for all client vpn connections that terminate on a Cisco ASA 5510.  I currently use Solarwinds for Syslog and Netflow data, but I'm not exactly sure how to extract and view VPN only data in Solarwinds.

Any ideas?
0
Comment
Question by:tballin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40510741
I was thinking this may be of relevance and help which uses  Orion Universal Device Poller to monitor with NPM. Separately Cisco has SNMP Object Navigator. The OID in the CISCO-IPSEC-FLOW-MONITOR-MIB can reflect couple of fields which reflects the current number of active tunnels, strat and stop of tunnel in  phase 1/2 and also the remote peer IP address. The navigator list out what the OID represents. There are also discussion on monitoring the ssl vpn , you can check out the steps shared to configure UnDP and view using "Custom Object Resource" (though it did not state the specific OID we are interested for start/end)..

Also from Cisco ASA, you can check out this which stated via console issuing "show vpn-sessiondb l2l" (exmple stated particular peer of interest) and also via ASDM to check the Monitoring section on the VPN information where you will select Site to Site VPN / L2L VPN. This should show the list of L2L VPN connections possibly active on the ASA. But do note the below pertaining the console instructions based on client connection that is of interest.

sh vpn-sessiondb remote (IPSec Remote VPN Clients)
sh vpn-sessiondb l2l (L2L Tunnels)
sh vpn-sessiondb svc (SSL VPN / Anyconnect Clients)
0
 
LVL 65

Expert Comment

by:btan
ID: 41714990
Specifically in solarwinds my previous post leads to the showing of the list of vpn
Go to Orion Universal Device Poller.  Add a new sensor and use OID 1.3.6.1.4.1.9.9.392.1.3.35.0.  Make sure your MIB Value Type is Raw Value, Format is None, and SNMP Get Type is GET.  At that point, add your firewalls of interest to the poller.
Go to your Solarwinds view of interest and add a "Custom Object Resource".  Give it your title, choose your node, and for Select object resource, I chose Universal Device Poller - Linear Guage.  Set your gauge maximum value to the maximum number of SSL-VPNs you have licensed.  Set your style of gauge and off you go.  It will now be part of your view.
 
The gauge will show you both your number of SSL-VPN users graphically on the gauge as well as a number of your currently logged in SSL-VPN users.
see the last post https://thwack.solarwinds.com/thread/51594

For more details
there are some ways to get this to work:
 
1.create a node with the vpn ip address and icmp poll against that address for up/down stats.
2. setup SNMP Trap alerting; the vpn device will trap on a tunnel going down, and you could use the trap viewer to generate and email based on the trap from with in npm.
3.or you use the Universal Device Poller to monitor these in NPM with the info below:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.171
https://thwack.solarwinds.com/thread/63370
0
 
LVL 65

Expert Comment

by:btan
ID: 41714994
For consideration
ID: 40510741
ID: 41714990
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question