-
November 2nd, 2008, 01:02 AM
#1
How to Log VPN Access - Cisco VPN
I have a handful of techs that have VPN access to my data center via Cisco VPN client software. I would like to be able to log their VPN access (e.g. cisco userid, date/time, external IP, etc...). Ideally to syslog.
Regards,
CSR
-
November 2nd, 2008, 08:44 AM
#2
Well, not sure if it would help or if it pertains to your situation, but you could set up a TACACS server; this would provide logging. Hopefully this is what you're looking for. Some of the places I've worked at before used TACACS for logging and authentication.
LOGIN: yes
PASSWORD: I dont have one
"Login Failed"
-
November 2nd, 2008, 09:18 AM
#3
Thanks moxquito. I was hoping to avoid installing RADIUS or TACACS. It's only a handful of techs. I would be curious to know if anyone has any experience with the free version of TACACS that Cisco provides but doesn't support. Other recommendations? Servers are openSUSE 10.3 64-bit.
-
November 2nd, 2008, 10:35 AM
#4
OK, well, I may be beating the proverbial horse with a dead stick, but doesn't your VPN server provide logging? Or is it just not logging it to syslog?
LOGIN: yes
PASSWORD: I dont have one
"Login Failed"
-
November 2nd, 2008, 11:26 AM
#5
This will help:
http://www.ciscopress.com/articles/a...26638&seqNum=3
A RADIUS/TACACS server will allow you to log much more, though. It'll allow you to enable AAA (Authentication, Authorisation and Accounting).
http://www.cisco.com/en/US/docs/ios/...ub/C262C1.html
Last edited by SirDice; November 2nd, 2008 at 11:29 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 2nd, 2008, 01:37 PM
#6
Thanks SirDice.
I already have the syslog setup and working fine. However, regardless of which logging level I set, I don't get the userid for the login/session connection. I can get many messages, e.g. login attempts, crypto handshakes, tunnel creations, logoff, but none of the messages contain the userid used for authentication/authorization.
I guess I am going to investigate TACACS+ and RADIUS.
-
November 4th, 2008, 10:57 AM
#7
Besides knowing which user is logged in, AAA can show you which commands they entered. You also have more fine-grained privileges: the enable password can be different for each user, and you can limit which commands they're allowed even when in enable mode.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 5th, 2008, 07:01 PM
#8
Gave up trying to get tac_plus installed and configured on 64-bit openSUSE.
Ran into a whole variety of compile issues. Installed FreeRADIUS. Probably overkill, but the install/config was a breeze. Thanks again for your suggestions.
CSR
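Once the VPN concentrator sends RADIUS accounting to FreeRADIUS, the per-user facts the opening post asked for (userid, date/time, external IP) land in the server's accounting "detail" file, not in the Cisco syslog stream. The following is an added example, not code from anyone in this thread or from the FreeRADIUS project: it parses a constructed detail-file excerpt and reduces each Start/Stop record to one syslog-style audit line. It assumes the standard detail-file layout (a timestamp line followed by tab-indented `Attribute = Value` pairs) and that accounting has been enabled on the VPN device; the usernames, addresses and session ids are made up.

```python
import re
from datetime import datetime

# Constructed sample of a FreeRADIUS accounting "detail" file (not real data).
SAMPLE_DETAIL = """\
Wed Nov  5 19:01:00 2008
\tAcct-Status-Type = Start
\tUser-Name = "csr"
\tNAS-IP-Address = 192.0.2.1
\tCalling-Station-Id = "203.0.113.5"
\tAcct-Session-Id = "0000A1B2"

Wed Nov  5 19:43:12 2008
\tAcct-Status-Type = Stop
\tUser-Name = "csr"
\tNAS-IP-Address = 192.0.2.1
\tCalling-Station-Id = "203.0.113.5"
\tAcct-Session-Id = "0000A1B2"
\tAcct-Session-Time = 2532
\tAcct-Terminate-Cause = User-Request
"""

# One "Attribute = Value" line; the value may or may not be double-quoted.
ATTR_RE = re.compile(r'^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Yield one dict per record: 'timestamp' plus the Attribute = Value pairs."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"timestamp": lines[0].strip()}      # first line is the server-side timestamp
        for line in lines[1:]:
            m = ATTR_RE.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def vpn_audit_lines(text):
    """Reduce each record to the fields asked for in the thread: user, time, external IP."""
    out = []
    for rec in parse_detail(text):
        when = datetime.strptime(rec["timestamp"], "%a %b %d %H:%M:%S %Y").isoformat()
        line = "vpn-audit: event=%s user=%s ext_ip=%s nas=%s session=%s time=%s" % (
            rec.get("Acct-Status-Type", "?"), rec.get("User-Name", "?"),
            rec.get("Calling-Station-Id", "?"), rec.get("NAS-IP-Address", "?"),
            rec.get("Acct-Session-Id", "?"), when)
        if rec.get("Acct-Status-Type") == "Stop":   # only Stop records carry a duration
            line += " duration=%ss cause=%s" % (
                rec.get("Acct-Session-Time", "?"), rec.get("Acct-Terminate-Cause", "?"))
        out.append(line)
    return out
```

The returned lines can be handed to `logger(1)` or a `SysLogHandler` to get them into the existing syslog pipeline; Calling-Station-Id is where a Cisco VPN device reports the client's external address.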