Solved

View log of client VPN connections and disconnections from a Cisco ASA in Solarwinds

Posted on 2014-12-19
5
103 Views
Last Modified: 2016-07-17
I need to log start and stop times for all client vpn connections that terminate on a Cisco ASA 5510.  I currently use Solarwinds for Syslog and Netflow data, but I'm not exactly sure how to extract and view VPN only data in Solarwinds.

Any ideas?
0
Comment
Question by:tballin
  • 3
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40510741
I was thinking this may be of relevance and help which uses  Orion Universal Device Poller to monitor with NPM. Separately Cisco has SNMP Object Navigator. The OID in the CISCO-IPSEC-FLOW-MONITOR-MIB can reflect couple of fields which reflects the current number of active tunnels, strat and stop of tunnel in  phase 1/2 and also the remote peer IP address. The navigator list out what the OID represents. There are also discussion on monitoring the ssl vpn , you can check out the steps shared to configure UnDP and view using "Custom Object Resource" (though it did not state the specific OID we are interested for start/end)..

Also from Cisco ASA, you can check out this which stated via console issuing "show vpn-sessiondb l2l" (exmple stated particular peer of interest) and also via ASDM to check the Monitoring section on the VPN information where you will select Site to Site VPN / L2L VPN. This should show the list of L2L VPN connections possibly active on the ASA. But do note the below pertaining the console instructions based on client connection that is of interest.

sh vpn-sessiondb remote (IPSec Remote VPN Clients)
sh vpn-sessiondb l2l (L2L Tunnels)
sh vpn-sessiondb svc (SSL VPN / Anyconnect Clients)
0
 
LVL 62

Expert Comment

by:btan
ID: 41714990
Specifically in solarwinds my previous post leads to the showing of the list of vpn
Go to Orion Universal Device Poller.  Add a new sensor and use OID 1.3.6.1.4.1.9.9.392.1.3.35.0.  Make sure your MIB Value Type is Raw Value, Format is None, and SNMP Get Type is GET.  At that point, add your firewalls of interest to the poller.
Go to your Solarwinds view of interest and add a "Custom Object Resource".  Give it your title, choose your node, and for Select object resource, I chose Universal Device Poller - Linear Guage.  Set your gauge maximum value to the maximum number of SSL-VPNs you have licensed.  Set your style of gauge and off you go.  It will now be part of your view.
 
The gauge will show you both your number of SSL-VPN users graphically on the gauge as well as a number of your currently logged in SSL-VPN users.
see the last post https://thwack.solarwinds.com/thread/51594

For more details
there are some ways to get this to work:
 
1.create a node with the vpn ip address and icmp poll against that address for up/down stats.
2. setup SNMP Trap alerting; the vpn device will trap on a tunnel going down, and you could use the trap viewer to generate and email based on the trap from with in npm.
3.or you use the Universal Device Poller to monitor these in NPM with the info below:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.171
https://thwack.solarwinds.com/thread/63370
0
 
LVL 62

Expert Comment

by:btan
ID: 41714994
For consideration
ID: 40510741
ID: 41714990
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now