Cisco ASA peeps - IPSec RAS VPN's, Need to obtain logs on user sessions

DJMK4 · 31 Jan 2014 at 11:36

Hi all,

Just a quick question, I need to obtain a log of the user sessions that are logging in over IPSec RAS VPN, sometimes (on the newer firewalls) I have been able to go in over CLI and do a show log which would generate, you can see attempts including username, session time etc along with orinating IP.

They have RADIUS servers configured, I have someone looking to see if they can grip logs of the RADIUS server, but at the moment prooving not fruitful.

This appears to be an older firewall so the show log is not really generating what I need, is there another easy command to use to just simply show the IPSec RAS VPN attempts?

I am just looking through the show isakmp commands to see if this is what I need.

DJMK4 · 31 Jan 2014 at 11:49

I have found the command "show ipsec sa" which will give a basic list of active sessions.

However I dont seem to be able to output "historical" logs.

GefGz · 31 Jan 2014 at 12:44

I'm not into networking but would this webpage help?
http://www.cisco.com/en/US/docs/rou..._syssec_cr41crs_chapter_010.html#wp3505354082

Googling stuff is about as far as my knowledge goes for Cisco products

BetterOffLiving · 31 Jan 2014 at 21:14

If you can setup a syslog server, you can send the output of IPSEC sessions(logins, etc) to the syslog. Or if using RADIUS you can send that output to syslog. Might not be able to configure that granularity on ASA, but on any good syslog server you can ignore output your not interested in. I use kiwi syslog server, I think you can get a free download or trial

DJMK4 · 31 Jan 2014 at 23:46

Yeah I was grepping off the syslog server earlier, bit of pain though the info they want is not there, some is, mainly for active connections, but then you have to grep by day