How to get a list of frequent VPN users from a Cisco ASA 5510

cisco-asaloggingusers

The Cisco ASA 5510 here at work is being decommissioned and I want to find out what users used it alot. I didn't set this thing up myself, but it would be nice to add the same users to the new system by finding out a list of the old users.

Best Answer

If you have a month or so, you could use a script to read the log files.

I have a perl script that basic opens the log file and looks for the following

fw.*(Group = NETOPS_TUNNEL). (Username = .*) (authenticated.)

You can then spit the user name out into a variable and count.

I would love to give you the code, but, its tightly integrated into a management toolkit that i wrote.

To push the data to a syslog server you need the following commands.

logging enable
logging timestamp
logging trap errors
logging host inside <syslog host>
logging message 113009 level errors
logging message 113008 level errors
logging message 113014 level errors
logging message 113004 level errors
logging message 713052 level errors
logging message 715019 level errors

The above switches on logging, Logs with a timstamp, sets logging to "error" and then sets where to send the logs

The other statements change the default level of certain log messages that might be usefull for you. (Normally they are not logged at the error level)

Some more info

Related Solutions

Cisco ASA (Client VPN) to LAN – through second VPN to second LAN

Surely, you can achieve this scenario. It is called "Hairpinning" . you need the following : - configure the remote-access users POOL to be part of the crypto access-list associated with crypto map - configure NAT-EXEMPT or NO-NAT access-list to include the pool.

most importantly:

configure this command: "same-security-traffic permit intra-interface" to permit traffic to come in and go out the same interface in Cisco ASA.
configure the tunnel peer (router) to include the remote-access users pool in the crypto access-list, because the L2L tunnel crypto access-list must be mirrored in both peers.
if remote access users use split-tunneling, then you need to ensure that the subnets behind the remote peer (router) are included in the split-tunnel access-list

see this: https://supportforums.cisco.com/message/3864922

Hope This Helps.

Mashal

Cisco ASA 5510 multiple time-range commands

It took some trial and error, but I found out how to make this work. I had to create a new class-map for the new access-lists, but once I did that, everything seemed to work fine.

Here's the relevant portions of the final config, for reference:

time-range Night_Weekend
 periodic weekdays 0:00 to 6:59
 periodic weekend 0:00 to 23:59
 periodic weekdays 19:00 to 23:59
!
time-range SchoolDay
 periodic weekdays 7:00 to 18:59

access-list Wireless-AL extended permit ip object-group Wireless any time-range SchoolDay
access-list Wireless-AL extended permit ip any object-group Wireless time-range SchoolDay

access-list WirelessNight-AL extended permit ip object-group Wireless any time-range Night_Weekend
access-list WirelessNight-AL extended permit ip any object-group Wireless time-range Night_Weekend

class-map Wireless-AL
 description Student's wireless network traffic
 match access-list GPREP-Wireless
class-map WirelessNight-AL
 description Student's wireless network traffic for Nights_Weekends
 match access-list WirelessNight-AL

policy-map WirelessLimit
 class Wireless-AL
  police input 1000000 187500
  police output 1000000 187500
 class WirelessNight-AL
  police input 3000000 562500
  police output 3000000 562500

Best Answer

Related Solutions

Cisco ASA (Client VPN) to LAN – through second VPN to second LAN

Cisco ASA 5510 multiple time-range commands

Related Topic