Thread: How to Log VPN Access - Cisco VPN

  1. #1
    AO's Filibustier Cheap Scotch Ron
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378

    How to Log VPN Access - Cisco VPN

    I have a handful of techs that have VPN access to my data center via Cisco VPN client software. I would like to be able to log their VPN access (e.g. Cisco userid, date/time, external IP, etc.), ideally to syslog.

    Regards,
    CSR

  2. #2
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    Well, not sure if it would help or if it pertains to your situation, but you could set up a TACACS server; this would provide logging. Hopefully this is what you're looking for. Some of the places I've worked at before used TACACS for logging and authentication.
    LOGIN: yes
    PASSWORD: I don't have one
    "Login Failed"

  3. #3
    AO's Filibustier Cheap Scotch Ron
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Thanks moxquito. I was hoping to avoid installing RADIUS or TACACS. It's only a handful of techs. I would be curious to know if anyone has any experience with the free version of TACACS that Cisco provides but doesn't support. Other recommendations? Servers are openSUSE 10.3 64-bit.

  4. #4
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    Ok, well, I may be beating the proverbial horse with a dead stick, but doesn't your VPN server provide logging? Or is it just not logging it to syslog?
    LOGIN: yes
    PASSWORD: I don't have one
    "Login Failed"

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    This will help:

    http://www.ciscopress.com/articles/a...26638&seqNum=3

    A RADIUS/TACACS server will allow you to log much more though. It'll allow you to enable AAA (Authentication, Authorisation and Accounting).

    http://www.cisco.com/en/US/docs/ios/...ub/C262C1.html
    Last edited by SirDice; November 2nd, 2008 at 11:29 AM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    AO's Filibustier Cheap Scotch Ron
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Thanks SirDice.

    I already have the syslog set up and working fine. However, regardless of which logging level I set, I don't get the userid for the login/session connection. I can get many messages, e.g. login attempts, crypto handshakes, tunnel creations, logoff, but none of the messages contain the userid used for authentication/authorization.

    I guess I am going to investigate TACACS+ and RADIUS.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Besides knowing which user is logged in, AAA can show you which commands they entered. You also have more fine-grained privileges: the enable password can be different for each user, and you can limit which commands they're allowed even when in enable mode.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    AO's Filibustier Cheap Scotch Ron
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378

    Gave up trying to get tac_plus installed and configured on 64-bit openSUSE.
    Ran into a whole variety of compile issues. Installed FreeRADIUS. Probably overkill, but the install/config was a breeze. Thanks again for your suggestions.

    CSR
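Once FreeRADIUS is doing the accounting, the userid, date/time and external IP the thread opener asked for all land in the RADIUS accounting records rather than in the Cisco syslog messages. The script below is an added example, not code from any poster or from the FreeRADIUS project: it parses records in the default FreeRADIUS "detail" accounting file layout (a date header line, indented `Attribute = Value` lines, a blank line after each record), pairs Start and Stop records by `Acct-Session-Id`, and emits one key=value access line per session. The attribute names are standard RADIUS accounting attributes; the three records in `SAMPLE_DETAIL` are constructed, and an open session (Start without Stop) or an accounting gap (Stop without Start) is flagged rather than dropped.

```python
"""Turn FreeRADIUS 'detail' accounting records into per-session VPN access lines.

Added example; assumes the default detail-file layout and standard RADIUS
accounting attribute names. SAMPLE_DETAIL is constructed, not real traffic.
"""
import re
from datetime import datetime, timezone

# Constructed sample: two Start records and one matching Stop (server clock in UTC).
SAMPLE_DETAIL = "\n".join([
    "Mon Nov  3 08:02:11 2008",
    "\tAcct-Status-Type = Start",
    '\tUser-Name = "rdoe"',
    "\tNAS-IP-Address = 192.0.2.1",
    '\tCalling-Station-Id = "203.0.113.45"',
    "\tFramed-IP-Address = 10.10.0.5",
    '\tAcct-Session-Id = "0x0001a3f2"',
    "\tTimestamp = 1225699331",
    "",
    "Mon Nov  3 08:05:40 2008",
    "\tAcct-Status-Type = Start",
    '\tUser-Name = "jsmith"',
    "\tNAS-IP-Address = 192.0.2.1",
    '\tCalling-Station-Id = "198.51.100.7"',
    "\tFramed-IP-Address = 10.10.0.6",
    '\tAcct-Session-Id = "0x0001a3f3"',
    "\tTimestamp = 1225699540",
    "",
    "Mon Nov  3 09:02:11 2008",
    "\tAcct-Status-Type = Stop",
    '\tUser-Name = "rdoe"',
    "\tNAS-IP-Address = 192.0.2.1",
    '\tCalling-Station-Id = "203.0.113.45"',
    "\tFramed-IP-Address = 10.10.0.5",
    '\tAcct-Session-Id = "0x0001a3f2"',
    "\tAcct-Session-Time = 3600",
    "\tAcct-Terminate-Cause = User-Request",
    "\tTimestamp = 1225702931",
    "",
])

# Indented 'Attribute = Value' line; the unindented date header never matches.
ATTR_RE = re.compile(r"^\s+([\w-]+)\s*=\s*(.*?)\s*$")


def parse_detail(text):
    """Yield one {attribute: value} dict per record in detail-file text."""
    record = {}
    for line in text.splitlines():
        match = ATTR_RE.match(line)
        if match:
            name, value = match.groups()
            record[name] = value.strip('"')
        elif not line.strip():
            if record:            # blank line closes the current record
                yield record
                record = {}
        # any other line is the date header that opens a record; nothing to keep
    if record:
        yield record


def summarise_sessions(records):
    """Pair Start/Stop records by Acct-Session-Id; return {session_id: summary}."""
    sessions = {}
    for rec in records:
        sid = rec.get("Acct-Session-Id", "unknown")
        entry = sessions.setdefault(sid, {
            "user": rec.get("User-Name", "-"),
            "external_ip": rec.get("Calling-Station-Id", "-"),  # client's public address
            "assigned_ip": rec.get("Framed-IP-Address", "-"),   # tunnel address handed out
            "start": None, "stop": None, "duration": None, "cause": None,
        })
        when = int(rec["Timestamp"]) if "Timestamp" in rec else None
        status = rec.get("Acct-Status-Type")
        if status == "Start":
            entry["start"] = when
        elif status == "Stop":
            entry["stop"] = when
            entry["duration"] = int(rec.get("Acct-Session-Time", 0))
            entry["cause"] = rec.get("Acct-Terminate-Cause", "-")
    return sessions


def _fmt(ts):
    return "-" if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def format_access_lines(sessions):
    """Render one key=value line per session, oldest first; odd states are flagged."""
    lines = []
    for sid, s in sorted(sessions.items(), key=lambda kv: kv[1]["start"] or kv[1]["stop"] or 0):
        if s["start"] is None:
            state = "stop-without-start"   # accounting gap worth a look
        elif s["stop"] is None:
            state = "open"                 # still connected when the file was read
        else:
            state = "closed"
        duration = "-" if s["duration"] is None else s["duration"]
        lines.append(
            f"vpn-access user={s['user']} session={sid} state={state} "
            f"ext_ip={s['external_ip']} assigned_ip={s['assigned_ip']} "
            f"start={_fmt(s['start'])} stop={_fmt(s['stop'])} "
            f"duration={duration} cause={s['cause'] or '-'}"
        )
    return lines


if __name__ == "__main__":
    for line in format_access_lines(summarise_sessions(parse_detail(SAMPLE_DETAIL))):
        print(line)
```

Point it at the detail file under your FreeRADIUS radacct log directory (the path differs between packages, so check the server's `detail` module configuration) and pipe the output through logger(1) to get the per-user lines into syslog, which closes the gap post #6 describes: the Cisco messages alone never carried the userid.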
