Monitoring VPN Sessions
Hi,
I have configured remote access IPsec VPNs on my Cisco 5510 Security Plus firewall, and now I need to monitor all remote access VPN session records and the activities of VPN users as needed.
Kindly suggest the best solution.
Regards,
Arshad Ahmed
Arshad,
Just to add my two cents to Collin's post (5 stars).
ASA/PIX: Pass-through Traffic Accounting for VPN Clients Using ACS Configuration Example
Managing Accounting in NPS
HTH.
Portu.
Please rate any helpful posts and mark this question as answered if you do not have any further questions.
Similar Messages
-
Hello all,
I have a couple of IKE/IPsec VPN client connections enabled over an ASA 5515 and I would like to log VPN activity (user login name, connection time and duration, ...), like the information I can see under "Monitoring >> VPN >> VPN Statistics >> Sessions".
Thanks for your help
Regards,
Thanks Jeff.
I use Syslog Watcher.
I have looked for "%ASA-4-722051" or "%ASA-4-113019" but I get 113019 and it refers to a disconnection ... :/
I will check around for the global list of identifiers ... and let you know -
ASA 5505 site-to-site VPN tunnel and client VPN sessions
Hello all
I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z). His satellite office will have a single PC sitting behind the ASA. In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
The first question I have is about the ASA 5505 and the various licensing options. I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A. Would someone please confirm or deny that for me?
Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules? Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
Thanks in advance for any assistance provided!
First question:
Yes, the 5505 will be able to establish the site-to-site tunnel, and he can use the IPsec VPN client and SSL VPN (it comes with 2 default SSL VPN licenses).
Second question:
Yes, you are right. No special routing is required. All you need to configure is the site-to-site VPN between the Site A and Site Z LANs, and the internet traffic will be routed via the Site A internet connection, assuming you have all the NAT statements configured for that.
Last question:
This needs to be configured; it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
Here is what needs to be configured:
1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
2) On Site A, configure: same-security-traffic permit intra-interface
3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
On Site Z:
access-list permit ip
On Site A:
access-list permit ip
4) NAT exemption on site Z needs to include vpn client pool subnet as well.
Hope that helps.
Message was edited by: Jennifer Halim -
WRVS4400N breaks VPN session during https connection to a LAN host
Hello,
here comes the incident description:
WRVS4400N breaks an established VPN session if I try to connect to any LAN host via HTTPS.
Did anyone experience a similar issue?
What could a workaround be?
Many thanks in advance, appreciate your time.
These products are being handled by the Cisco Small Business Support Community. (URL: https://supportforums.cisco.com/community/netpro/small-business )
-
I have a java application running at the front end.
The user logs into the java application and access the data.
I have a user complaining about the slow response of the application (not always, but at least 2 to 3 times a day while she is working).
Since the user is accessing through the Java application and the app server we are using is WebLogic, I am not able to track her session.
We are using Oracle 9i, and when I try to monitor the schema through which the data is accessed I see the status INACTIVE, though I asked the user to log off and log in.
I have tried monitoring the v$session views but it didn't work. I usually have 5 to 6 sessions always in the inactive state on my Enterprise Manager for that particular schema.
Please help me out and give me a way to monitor or track that particular user.
I am new to administration.
Thank you
Message was edited by: penn_vik
Assuming that your middle tier is using a connection pool (the norm), the problem is that there is no relationship between a particular user's logical session and a physical database session. Each page the user hits in the application, for example, is potentially going to use a different connection from the connection pool and thus a different database session. And different users may be using the same database session just before and just after your user.
In general, when you have this sort of architecture, you need to have instrumentation built into the middle tier application in order to get anything useful done, at least to the point that the middle tier can enable and disable tracing when it gets a connection from the pool for a particular logical user session. Otherwise, you could enable tracing for the entire database, which is going to be a significant overhead, and try to comb through dozens of trace files to figure out what sessions were related to your particular user, which is at a minimum likely to be a substantial undertaking.
Justin -
VPN session in cisco ASA reflect a different source public ip
Hi all,
I tested and managed to establish a VPN on my Cisco ASA 5520 successfully.
In my syslog I can see "anyconnect parent session started" upon VPN establishment and "webvpn session terminated" upon terminating my VPN session,
where the correct public IP used to establish the VPN is reflected. However, after the "webvpn session terminated" line, I can see other lines in my syslog, for example "Group=vpngroup, username=test, ip = x.x.x.x, session disconnected, session type:anyconnect parent, duration 0h:00m23s, bytes xmt: 0, bytes rcv:0, reason: user requested", where x.x.x.x is not the IP address used to establish my remote access VPN, nor is it an IP related to my VPN infrastructure. I am very sure that the IP x.x.x.x did not establish any VPN to my Cisco ASA 5520. So why is it reflected in my Cisco ASA logs? Please advise, TIA!
Hi,
I think I remember a posting about a similar issue in the past. I did a couple of Google searches and the following bug ID was mentioned in the discussion.
syslog 113019 reports invalid address when VPN client disconnects.
CSCub72545
Description
Symptom:
Syslog reports an invalid IP Address.
Conditions:
This condition occurs when a VPN Client is disconnected.
Workaround:
There is no mention of a workaround, just of the software versions that should correct the problem.
The link to the actual page/document is the following
https://tools.cisco.com/bugsearch/bug/CSCub72545
Perhaps this is the bug you are running into, or something similar.
- Jouni -
VPN session remains up but can no longer get to internal devices
Our remote users in Germany are provided with a mixture of Vodafone 3G Mobile Connect Cards (PCMCIA) and "USB sticks" for cellular broadband access. Installed on their laptops is Vodafone's Mobile Connect Client & Cisco VPN client version 5.
To connect, they first connect to Vodafone's "VPN access point" -- Vodafone's VPN only service offering. Once connected, they VPN into the network with the Cisco client. All users connect to a Cisco 3020 Concentrator.
Users are able to access network resources, however, they lose connectivity after 5-10min. What's unusual is, it doesn't look like the VPN session drops since the padlock in the right hand corner remains locked; they just can't access network resources.
To troubleshoot...
a) We had a user establish a VPN session then immediately start a continuous ping to an internal device's IP address. The connection stayed up for 20min before requests started timing out.
b) We enabled "IPSec over TCP" on the client and Concentrator side, no change.
What could possibly be causing this behavior?
Does Vodafone use Venturi Transport Protocol clients for Windows like Verizon does with their EvDO cards? If so, we had to turn off and eventually uninstall the Venturi client software because it detrimentally interfered with IPsec traffic.
-Gary -
Monitoring Users session with specific profiles
Hi,
I created a specific profile that terminates a session after 4 minutes of idle time. I would like to know how to monitor which sessions are being disconnected by Oracle.
Thanks in advance,
Enable auditing by using
alter system set audit_trail = db scope=spfile
and bounce
Then issue audit connect
The dba_audit_session view will have the reason why the process was disconnected.
Sybrand Bakker
Senior Oracle DBA -
Monitoring Oracle session with SQL_ID
Hi All,
How can I know the SQL_ID belonging to a user/schema in Oracle? Can anyone post me the query to find the SQL query/SQL_ID belonging to a user session? I have googled but didn't get what I expected. Hope I get it here. We don't have OEM configured to monitor the sessions.
Oracle DB version : 10.2.0.5
OS version : IBM - AIX
Regards,
Imran Khan
imran khan wrote:
Hi All,
How can I know the SQL_ID belonging to a user/schema in Oracle? Can anyone post me the query to find the SQL query/SQL_ID belonging to a user session? I have googled but didn't get what I expected. Hope I get it here. We don't have OEM configured to monitor the sessions.
Oracle DB version : 10.2.0.5
OS version : IBM - AIX
Regards,
Imran Khan
Look for SQL_ID below:
SQL> desc v$session
Name Null? Type
SADDR RAW(4)
SID NUMBER
SERIAL# NUMBER
AUDSID NUMBER
PADDR RAW(4)
USER# NUMBER
USERNAME VARCHAR2(30)
COMMAND NUMBER
OWNERID NUMBER
TADDR VARCHAR2(8)
LOCKWAIT VARCHAR2(8)
STATUS VARCHAR2(8)
SERVER VARCHAR2(9)
SCHEMA# NUMBER
SCHEMANAME VARCHAR2(30)
OSUSER VARCHAR2(30)
PROCESS VARCHAR2(24)
MACHINE VARCHAR2(64)
PORT NUMBER
TERMINAL VARCHAR2(30)
PROGRAM VARCHAR2(48)
TYPE VARCHAR2(10)
SQL_ADDRESS RAW(4)
SQL_HASH_VALUE NUMBER
SQL_ID VARCHAR2(13)
SQL_CHILD_NUMBER NUMBER
SQL_EXEC_START DATE
SQL_EXEC_ID NUMBER
PREV_SQL_ADDR RAW(4)
PREV_HASH_VALUE NUMBER
PREV_SQL_ID VARCHAR2(13)
PREV_CHILD_NUMBER NUMBER
PREV_EXEC_START DATE
PREV_EXEC_ID NUMBER
PLSQL_ENTRY_OBJECT_ID NUMBER
PLSQL_ENTRY_SUBPROGRAM_ID NUMBER
PLSQL_OBJECT_ID NUMBER
PLSQL_SUBPROGRAM_ID NUMBER
MODULE VARCHAR2(64)
MODULE_HASH NUMBER
ACTION VARCHAR2(64)
ACTION_HASH NUMBER
CLIENT_INFO VARCHAR2(64)
FIXED_TABLE_SEQUENCE NUMBER
ROW_WAIT_OBJ# NUMBER
ROW_WAIT_FILE# NUMBER
ROW_WAIT_BLOCK# NUMBER
ROW_WAIT_ROW# NUMBER
TOP_LEVEL_CALL# NUMBER
LOGON_TIME DATE
LAST_CALL_ET NUMBER
PDML_ENABLED VARCHAR2(3)
FAILOVER_TYPE VARCHAR2(13)
FAILOVER_METHOD VARCHAR2(10)
FAILED_OVER VARCHAR2(3)
RESOURCE_CONSUMER_GROUP VARCHAR2(32)
PDML_STATUS VARCHAR2(8)
PDDL_STATUS VARCHAR2(8)
PQ_STATUS VARCHAR2(8)
CURRENT_QUEUE_DURATION NUMBER
CLIENT_IDENTIFIER VARCHAR2(64)
BLOCKING_SESSION_STATUS VARCHAR2(11)
BLOCKING_INSTANCE NUMBER
BLOCKING_SESSION NUMBER
FINAL_BLOCKING_SESSION_STATUS VARCHAR2(11)
FINAL_BLOCKING_INSTANCE NUMBER
FINAL_BLOCKING_SESSION NUMBER
SEQ# NUMBER
EVENT# NUMBER
EVENT VARCHAR2(64)
P1TEXT VARCHAR2(64)
P1 NUMBER
P1RAW RAW(8)
P2TEXT VARCHAR2(64)
P2 NUMBER
P2RAW RAW(8)
P3TEXT VARCHAR2(64)
P3 NUMBER
P3RAW RAW(8)
WAIT_CLASS_ID NUMBER
WAIT_CLASS# NUMBER
WAIT_CLASS VARCHAR2(64)
WAIT_TIME NUMBER
SECONDS_IN_WAIT NUMBER
STATE VARCHAR2(19)
WAIT_TIME_MICRO NUMBER
TIME_REMAINING_MICRO NUMBER
TIME_SINCE_LAST_WAIT_MICRO NUMBER
SERVICE_NAME VARCHAR2(64)
SQL_TRACE VARCHAR2(8)
SQL_TRACE_WAITS VARCHAR2(5)
SQL_TRACE_BINDS VARCHAR2(5)
SQL_TRACE_PLAN_STATS VARCHAR2(10)
SESSION_EDITION_ID NUMBER
CREATOR_ADDR RAW(4)
CREATOR_SERIAL# NUMBER
ECID VARCHAR2(64) -
CSM disconnects VPN sessions upon config deployment.
CSM version 4.3 SP1
Hi,
I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.
Has anyone noticed the same ?
I've not found anything related in Cisco Forum.
I also have not found anything related at Cisco BugToolkit.
Thanks for help.
Krzysztof
And from the ASA device perspective (debug log):
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
and lots more -
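As an added example (not code from any of the posts on this page), a small Python parser for the two ASA teardown message shapes quoted here: the %ASA-4-113019 disconnect record from the "different source public ip" thread and the "Session is being torn down. Reason: Administrator Reset" debug lines just above. It builds per-session records and flags a burst of administrator resets in one second, the pattern the CSM deployment produced; the sample syslog lines are constructed and use RFC 5737 documentation addresses.

```python
# Added example (not from any post above): parse the two ASA teardown message
# shapes quoted on this page and flag bursts of administrator resets.
# Sample lines are constructed; the addresses are RFC 5737 documentation ranges.
import re
from collections import Counter

SAMPLE_LOG = """\
Dec 28 13:40:02 %ASA-4-113019: Group = vpngroup, Username = alice, IP = 198.51.100.10, Session disconnected. Session Type: AnyConnect-Parent, Duration: 2h:15m:07s, Bytes xmt: 1048576, Bytes rcv: 524288, Reason: User Requested
Dec 28 13:43:51 [IKEv1]Group = vpngroup, Username = bob, IP = 198.51.100.11, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = vpngroup, Username = carol, IP = 198.51.100.12, Session is being torn down. Reason: Administrator Reset
Dec 28 13:43:51 [IKEv1]Group = vpngroup, Username = dave, IP = 198.51.100.13, Session is being torn down. Reason: Administrator Reset
Dec 28 13:45:10 %ASA-4-113019: Group = vpngroup, Username = test, IP = 203.0.113.7, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:23s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
"""

TIMESTAMP_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+")
# Shared prefix; spacing around "=" differs between raw syslog and pasted text.
_PREFIX = (r"Group\s*=\s*(?P<group>[^,]+),\s*Username\s*=\s*(?P<user>[^,]+),\s*"
           r"IP\s*=\s*(?P<ip>[^,]+),\s*")
DISCONNECT_RE = re.compile(
    _PREFIX + r"Session disconnected[.,]?\s*Session Type:\s*(?P<stype>[^,]+),\s*"
    r"Duration:?\s*(?P<dur>[^,]+),\s*Bytes xmt:\s*(?P<xmt>\d+),\s*"
    r"Bytes rcv:\s*(?P<rcv>\d+),\s*Reason:\s*(?P<reason>.+?)\s*$", re.I)
TEARDOWN_RE = re.compile(
    _PREFIX + r"Session is being torn down\.?\s*Reason:\s*(?P<reason>.+?)\s*$", re.I)
DURATION_RE = re.compile(r"(\d+)h:(\d+)m:?(\d+)s", re.I)  # "0h:00m23s" is also seen

def parse_duration(text):
    """'2h:15m:07s' -> 8107 seconds; None if the field is unrecognisable."""
    m = DURATION_RE.search(text)
    if not m:
        return None
    h, mnt, s = (int(x) for x in m.groups())
    return h * 3600 + mnt * 60 + s

def parse_line(line):
    """Dict for a disconnect/teardown message, None for any other line."""
    ts_m = TIMESTAMP_RE.match(line)
    rec = {"ts": ts_m.group("ts") if ts_m else None}
    m = DISCONNECT_RE.search(line)
    if m:
        rec.update(kind="disconnect", session_type=m["stype"].strip(),
                   duration_s=parse_duration(m["dur"]),
                   bytes_xmt=int(m["xmt"]), bytes_rcv=int(m["rcv"]))
    else:
        m = TEARDOWN_RE.search(line)
        if not m:
            return None
        rec.update(kind="teardown")
    rec.update(group=m["group"].strip(), user=m["user"].strip(),
               ip=m["ip"].strip(), reason=m["reason"].strip())
    return rec

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def admin_reset_bursts(records, threshold=3):
    """Timestamps where >= threshold sessions were administrator-reset in the
    same second: the pattern a config push that drops every tunnel produces."""
    per_ts = Counter(r["ts"] for r in records
                     if r["reason"].lower() == "administrator reset")
    return {ts: n for ts, n in per_ts.items() if n >= threshold}

def zero_byte_sessions(records):
    """Disconnects that moved no data either way; check before trusting them as logins."""
    return [r for r in records if r["kind"] == "disconnect"
            and r["bytes_xmt"] == 0 and r["bytes_rcv"] == 0]
```

The regexes deliberately tolerate the loosely typed form pasted in the thread ("ip = x.x.x.x, session disconnected, session type:anyconnect parent, duration 0h:00m23s, ...") as well as the raw syslog form, so copied-and-pasted evidence parses the same way as a feed from the collector.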
Hi guys,
I have a need to monitor VPN clients where I have TMG 2010 as my VPN server.
I just want to know from where clients initiate their VPNs. I mean their valid public IPs, not the ones TMG gives them.
Is there any third party software to do this?
Thanks
Hi,
When configuring the VPN connection on the TMG server, which kind of IP address assignment method did you select?
If you selected the static address pool, then the remote VPN clients would obtain IP addresses from this range.
If you have a DHCP server and selected the DHCP option, then the TMG firewall will request 10 IP addresses from the DHCP scope each time to assign its VPN interface an IP address and to assign IP addresses to the VPN clients.
More information:
Configuring VPN address assignment
Best regards,
Susie -
Internet sessions, VPN session, and connections dropping frequently
I'm in an apartment. This problem started about a week ago. All of my browser sessions, vpn session, and connections such as AIM or netflix drop frequently. I often have to click links twice to get a page to load. I have to reload videos a lot to get them to continue to stream. I am constantly signing in and out of AOL IM.
I believe the problem has to do with several MoCs (coax connections) listed on my router page, and these MoCs have names of other people on them. Until I noticed them a week ago, I had only seen one MoC belonging to me listed on the router connection page.
Thus, I think that something got crossed up or misconfigured in the ONT for my apartment complex. The gateway light on my router stays green as all of these problems happen.
Pinging google.com, I get
--- google.com ping statistics ---
76 packets transmitted, 55 packets received, 27.6% packet loss
round-trip min/avg/max/stddev = 31.282/39.339/48.217/3.548 ms
Anyone seen this before and know how to get verizon to fix this?
I have had nothing but problems with FIOS since getting it, and I have wasted a lot of time with their "customer support."
I am sorry to hear about your connection problems. I have sent you a private message so we can get your information and look more deeply into your connection.
Anthony_VZ
Can an AnyConnect VPN Session Survive a Logoff?
I see that AnyConnect is a Service. We sometimes have issues with remotes losing their Windows passwords. When this happens, we have them log in locally, (with a non-domain account), then connect to the VPN, then logoff, (the Contivity VPN Session will stay established), then we reset their password, and they log in with their new password. Some VPNs use a feature called 'Logoff at Connect' to accomplish this. Any information would be greatly appreciated.
To log off all AnyConnect Client and SSL VPN sessions, use the vpn-sessiondb logoff svc command in global configuration mode:
vpn-sessiondb logoff svc. In response, the system asks you to confirm that you want to log off the VPN sessions. To confirm press Enter or type y. Entering any other key cancels the logging off.
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/administration/guide/22admin6.html#wp999635 -
We currently have vpn-session-timeout none. We want to disconnect users if the session is inactive for 60 mins. How would I make this change, and are there any problems with this?
vpn-idle-timeout = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected
vpn-session-timeout = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
This is for a specific user:
hostname(config)# username anyuser attributes
hostname(config-username)# vpn-session-timeout
Hope this helps.
Thanks
Ajay -
ASDM 7.1(1)52 device dashboard shows ghost VPN Sessions
Hi,
I just upgraded one of our 5520 ASA to serve ASDM 7.1(1)52 and noticed something interesting.
When I look at Device Dashboard / VPN Sessions, I see, for example, 14 IPsec connections.
But if I click Details, only 10 real IPsec connections are shown.
I do not recall seeing this earlier, with older ASDM versions.
Anyone seen similar or has any idea, why this is happening ?
Cheers;
-jra
Looked around other ASA boxes and these ghost sessions seem to truly come with the new ASDM software.
All boxes which have ASDM 6.2 show the correct count of IPsec connections on the main screen.
All boxes which have ASDM 7.1 show 5 - 15 more IPsec connections than the details page / CLI shows.