|
Posted by Al on July 25, 2007, 3:57 pm
> My PIX 515E (running 6.5.4) is currently used to authenticate
> different VPN connections from users running Cisco VPN Clients.
> I would like to get a report of the users who connect to the PIX every
> day.
> My idea was to monitor the syslog and send an alert when a specific
> string appears in the log (using kiwi syslog alert function)
> I checked the syslog but I only found information regarding
> ISAKMP session connected
> ISAKMP Phase 1 SA created
> sa created
> with no info regarding the group used to connect. This is not useful
> How can I get the correct information in the syslog so I can recognize
> which user connected?
> Otherwise, have you a better idea to get this kind of daily report?
> Thanks
You're probably better off looking into the 'accounting' part of AAA,
see:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
Should be quite easy to setup, we use FreeRADIUS running on Debian
Linux to provide authentication/accounting for vpn clients.
(Though they are terminated on an IOS router, not a PIX/ASA)
Hope that helps.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map
> different VPN connections from users running Cisco VPN Clients.
> I would like to get a report of the users who connect to the PIX every
> day.
> My idea was to monitor the syslog and send an alert when a specific
> string appears in the log (using kiwi syslog alert function)
> I checked the syslog but I only found information regarding
> ISAKMP session connected
> ISAKMP Phase 1 SA created
> sa created
> with no info regarding the group used to connect. This is not useful
> How can I get the correct information in the syslog so I can recognize
> which user connected?
> Otherwise, have you a better idea to get this kind of daily report?
> Thanks