PIX VPN user auth via syslog

Discussion in 'Cisco' started by Cen, Oct 27, 2005.

  1. Cen

    Cen Guest

    How do I track user login sessions into PIX via local authentication with
    syslog? I was able to track the authentication success syslog event whenever a
    user logs in via VPN, but when the user disconnects the VPN session, no
    corresponding syslog message was sent.
    Any ideas?
     
    Cen, Oct 27, 2005
    #1

  2. :How do i track user login session into PIX via local authentication with
    :syslog. I was able to track authentication success syslog event whenever a
    :user logs in via VPN, but when the user disconnects the VPN session, no
    :corresponding syslog message was sent.
    :Any ideas?

    Unless the VPN client sends a clean "I am shutting down now" message
    [and I do not know if those exist in IPSec], then VPNs cannot tell
    the difference between the user disconnecting cleanly, the user
    losing the network connection, or the user simply not sending anything.

    IPSec does have a "Delete all Security Associations with this
    identity" token, but that token is used in contexts other than
    logout.

    If you need more accurate tracking of when the user BSOD'd, then
    you should probably turn on some kind of keep-alive.
     
    Walter Roberson, Oct 27, 2005
    #2

  3. Upgrade the PIX OS to the latest version - there are many new syslog
    messages there, especially for VPN.
    Then configure the appropriate log level to syslogd.

    HTH
    Martin
     
    Martin Bilgrav, Oct 27, 2005
    #3
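
Added example, not part of the thread: a sketch of correlating login and disconnect syslog events on the syslog server, so that sessions which end without any disconnect message (the case described in reply #2) are reported by age instead of being silently left open. The sample lines are constructed, their layouts are assumptions modelled on the PIX/ASA 7.x messages 113012 and 113019, and the function name `correlate` and the 8-hour threshold are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The layouts are assumptions modelled on the
# PIX/ASA 7.x messages 113012 (local authentication succeeded) and
# 113019 (session disconnected); check them against your own device output.
SAMPLE = """\
Oct 27 2005 09:00:01 pix1 %PIX-6-113012: AAA user authentication Successful : local database : user = alice
Oct 27 2005 09:05:10 pix1 %PIX-6-113012: AAA user authentication Successful : local database : user = bob
Oct 27 2005 09:40:00 pix1 %PIX-4-113019: Group = vpn, Username = alice, IP = 192.0.2.10, Session disconnected. Session Type: IPSec, Duration: 0h:39m:59s, Bytes xmt: 1024, Bytes rcv: 2048, Reason: User Requested
Oct 27 2005 18:00:00 pix1 %PIX-6-113012: AAA user authentication Successful : local database : user = carol
"""

LINE = re.compile(r"^(\w{3} +\d+ \d{4} [\d:]{8}) \S+ %PIX-\d-(\d{6}): (.*)$")
LOGIN = re.compile(r"user = (\S+)")
LOGOUT = re.compile(r"Username = ([^,]+),.*Reason: (.*)$")

def correlate(text, now, max_age=timedelta(hours=8)):
    """Pair logins with disconnects; return (closed, still_open, stale)."""
    still_open, closed = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a PIX message in the assumed layout
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "113012" and (u := LOGIN.search(body)):
            still_open[u.group(1)] = ts          # login seen, session open
        elif msg_id == "113019" and (u := LOGOUT.search(body)):
            start = still_open.pop(u.group(1), None)  # None: login not in log
            closed.append((u.group(1), start, ts, u.group(2)))
    # No disconnect message ever arrived: flag by age rather than trust it.
    stale = sorted(u for u, t in still_open.items() if now - t > max_age)
    return closed, still_open, stale

if __name__ == "__main__":
    closed, still_open, stale = correlate(SAMPLE, datetime(2005, 10, 27, 19, 0, 0))
    for user, start, end, reason in closed:
        print(f"closed  {user}: {start} -> {end} ({reason})")
    for user, start in still_open.items():
        flag = "STALE, no disconnect logged" if user in stale else "open"
        print(f"{flag:28} {user}: since {start}")
```
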