I have a handful of techs that have VPN access to my data center via Cisco VPN client software. I would like to be able to log their VPN access (e.g. cisco userid, date/time, external IP, etc...). Ideally to syslog.
Regards,
CSR
Well, not sure if it would help or if it pertains to your situation, but you could set up a TACACS server; this would provide logging. Hopefully this is what you're looking for. Some of the places I've worked at before used TACACS for logging and authentication.
Thanks moxquito. I was hoping to avoid installing RADIUS or TACACS. It's only a handful of techs. I would be curious to know if anyone has any experience with the free version of TACACS that Cisco provides but doesn't support. Other recommendations? Servers are openSUSE 10.3 64-bit.
Ok, well, I may be beating the proverbial horse with a dead stick, but doesn't your VPN server provide logging? Or is it just not logging it to syslog?
This will help:
http://www.ciscopress.com/articles/a...26638&seqNum=3
A RADIUS/TACACS server will allow you to log much more though. It'll allow you to enable AAA (Authentication, Authorisation and Accounting).
http://www.cisco.com/en/US/docs/ios/...ub/C262C1.html
Thanks SirDice.
I already have the syslog set up and working fine. However, regardless of which logging level I set, I don't get the userid for the login/session connection. I can get many messages, e.g. login attempts, crypto handshakes, tunnel creations, logoff, but none of the messages contain the userid used for authentication/authorization.
I guess I am going to investigate TACACS+ and RADIUS.
Besides knowing which user is logged in, AAA can show you which commands they entered. You also have more fine-grained privileges: the enable password can be different for each user and you can limit which commands they're allowed even when in enable mode.
Gave up trying to get tac_plus installed and configured on 64-bit openSUSE.
Ran into a whole variety of compile issues. Installed FreeRADIUS. Probably overkill, but the install/config was a breeze. Thanks again for your suggestions.
CSR
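An added example, not part of the thread: one way to get the userid, date/time and external IP the original question asked for into syslog once RADIUS accounting is in place. It assumes accounting records are written in the FreeRADIUS "detail" file layout and that the VPN device reports the client's public address in Calling-Station-Id (this varies by device); the sample records and the `vpn-acct` line format are constructed for illustration.

```python
import re
import syslog  # standard library (Unix)

# Constructed sample in the FreeRADIUS "detail" layout: a timestamp header,
# tab-indented "Attribute = value" lines, and a blank line between records.
SAMPLE_DETAIL = """\
Tue Mar  4 10:15:02 2008
\tUser-Name = "tech1"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000001A"
\tCalling-Station-Id = "203.0.113.7"

Tue Mar  4 11:02:40 2008
\tUser-Name = "tech1"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0000001A"
\tCalling-Station-Id = "203.0.113.7"
\tAcct-Session-Time = 2858
"""

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = "?(.*?)"?\s*$')

def parse_detail(text):
    """Yield one dict per accounting record."""
    record = None
    for line in text.splitlines() + [""]:   # trailing "" flushes the last record
        if line[:1].isspace():              # indented attribute line
            m = ATTR.match(line)
            if m and record is not None:
                record[m.group(1)] = m.group(2)
            continue
        if record is not None:              # blank line or new header ends a record
            yield record
        record = {"logged_at": line.strip()} if line.strip() else None

def clean(value):
    """Replace spaces, quotes and control characters so a user-supplied
    value cannot split or forge fields in the log line."""
    return re.sub(r'[\x00-\x20\x7f"]', "_", value) or "-"

def format_event(rec):
    fields = [("status", "Acct-Status-Type"), ("user", "User-Name"),
              ("src", "Calling-Station-Id"), ("session", "Acct-Session-Id"),
              ("secs", "Acct-Session-Time")]
    body = " ".join(f"{key}={clean(rec.get(attr, ''))}" for key, attr in fields)
    return f'vpn-acct {body} at="{rec["logged_at"]}"'

if __name__ == "__main__":
    for rec in parse_detail(SAMPLE_DETAIL):
        syslog.syslog(syslog.LOG_AUTH | syslog.LOG_INFO, format_event(rec))
```

Start and Stop records share the same Acct-Session-Id, so the two syslog lines for a session can be paired to get its duration and source address.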