Monitoring VPN Sessions

Hi,
I have configured remote access IPsec VPNs on my Cisco 5510 Security Plus firewall. Now I need to monitor all remote access VPN session records and the activities of VPN users, as needed.
Kindly suggest the best solution.
Regards,
Arshad Ahmed

Arshad,
Just to add my two cents to Collin's post (5 stars).
ASA/PIX: Pass-through Traffic Accounting for VPN Clients Using ACS Configuration Example
Managing Accounting in NPS
HTH.
Portu.

Similar Messages

  • Monitoring VPN activity

    Hello all,
    I have a couple of IKE/IPSEC VPN client connections enabled over an ASA 5515 and I would like to log VPN activity (user login name, connection time and duration, ...), like the information I can see by going to "Monitoring >> VPN >> VPN Statistics >> Sessions".
    Thanks for your help
    Regards,

    Thanks Jeff.
    I use Syslog Watcher.
    I have looked for "%ASA-4-722051" or "%ASA-4-113019" but I only get 113019 and it refers to a disconnection ... :/
    I will check around for the global list of identifiers ... and let you know

  • ASA 5505 site-to-site VPN tunnel and client VPN sessions

    Hello all
    I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
    I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z).  His satellite office will have a single PC sitting behind the ASA.  In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
    The first question I have is about the ASA 5505 and the various licensing options.  I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.  Would someone please confirm or deny that for me?
    Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
    Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules?  Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
    I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
    Thanks in advance for any assistance provided!

    First question:
    Yes, the 5505 will be able to establish the site-to-site tunnel, and he can use the IPSec VPN client and SSL VPN (it comes with 2 default SSL VPN licenses).
    Second question:
    Yes, you are right. No special routing is required. All you need to configure is the site-to-site VPN between the Site A and Site Z LANs, and the internet traffic will be routed via the Site A internet connection, assuming you have all the NAT statements configured for that.
    Last question:
    This needs to be configured, it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
    Here is what needs to be configured:
    1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
    2) On Site A, configure: same-security-traffic permit intra-interface
    3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
    On Site Z:
    access-list permit ip
    On Site A:
    access-list permit ip
    4) NAT exemption on site Z needs to include vpn client pool subnet as well.
    Hope that helps.
    Message was edited by: Jennifer Halim

  • WRVS4400N breaks VPN session during https connection to a LAN host

    Hello,
    here comes the incident description:
    WRVS4400N breaks established VPN session if I am trying to connect to any LAN host via HTTPS.
    Did anyone experience similar issue?
    What a workaround could be?
    Many thanks in advance, appreciate your time.

    These products are being handled by the Cisco Small Business Support Community. (URL: https://supportforums.cisco.com/community/netpro/small-business )

  • Monitor a session

    I have a java application running at the front end.
    The user logs into the java application and access the data.
    I have a user complaining about slow response of the application (not always, but at least 2 to 3 times a day while she is working).
    Since the user is accessing through the JAVA application and the apps server we are using is WebLogic, I am not able to track her session.
    We are using ORACLE 9i, and when I try to monitor the schema through which the data is accessed I see the status INACTIVE, though I asked the user to log off and log in.
    I have tried monitoring v$session views but it didn't work. I usually have 5 to 6 sessions always in inactive state on my enterprise manager for that particular schema.
    Please help me out and give me a way to monitor or track that particular user.
    I am new to administration.
    Thank you
    Message was edited by:
    penn_vik

    Assuming that your middle tier is using a connection pool (the norm), the problem is that there is no relationship between a particular user's logical session and a physical database session. Each page the user hits in the application, for example, is potentially going to use a different connection from the connection pool and thus a different database session. And different users may be using the same database session just before and just after your user.
    In general, when you have this sort of architecture, you need to have instrumentation built into the middle tier application in order to get anything useful done, at least to the point that the middle tier can enable and disable tracing when it gets a connection from the pool for a particular logical user session. Otherwise, you could enable tracing for the entire database, which is going to be a significant overhead, and try to comb through dozens of trace files to figure out what sessions were related to your particular user, which is at a minimum likely to be a substantial undertaking.
    Justin

  • VPN session in cisco ASA reflect a different source public ip

    Hi all,
    I tested and managed to establish a VPN on my Cisco ASA 5520 successfully.
    In my syslog I can see "anyconnect parent session started" upon my VPN establishment and "webvpn session terminated" upon terminating my VPN session, where the correct public IP used to establish the VPN is reflected.
    However, after the "webvpn session terminated" line, I can see other lines in my syslog, for example "Group=vpngroup, username=test, ip = x.x.x.x, session disconnected, session type:anyconnect parent, duration 0h:00m23s, bytes xmt: 0, bytes rcv:0, reason: user requested", where x.x.x.x is not the IP address used to establish my remote access VPN, nor is it an IP related to my VPN infra. I am very sure that the IP x.x.x.x did not establish any VPN to my Cisco ASA 5520. Hence why is it reflected in my Cisco ASA logs? Please advise, TIA!

    Hi,
    I think I remember a posting about a similar issue in the past. I did a couple of Google searches and the following BugID was mentioned in the discussion.
    syslog 113019 reports invalid address when VPN client disconnects.
    CSCub72545
    Description
    Symptom:
    Syslog reports an invalid IP Address.
    Conditions:
    This condition occurs when a VPN Client is disconnected.
    Workaround:
    There is no mention of a workaround. Just mention of software versions that should correct the problem
    The link to the actual page/document is the following
    https://tools.cisco.com/bugsearch/bug/CSCub72545
    Perhaps this is the bug you are running into or something similar.
    - Jouni
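
Added example (not part of the forum posts above, and not Cisco code): a parser that turns the 113019 disconnect messages discussed in these threads into per-user session records and, in view of the invalid-address symptom described under CSCub72545, flags a disconnect whose IP differs from the one logged in the 722051 address-assignment message for the same user. The log lines are constructed samples, and the field layouts assumed for both messages are assumptions to check against your own syslog.

```python
import re

# Assumed layout of the 113019 disconnect message; spacing and case are matched loosely.
DISCONNECT_RE = re.compile(
    r"%ASA-4-113019:\s*Group\s*=\s*(?P<group>[^,]+),\s*"
    r"Username\s*=\s*(?P<username>[^,]+),\s*"
    r"IP\s*=\s*(?P<ip>[^,]+),\s*"
    r"Session disconnected\.?,?\s*"
    r"Session Type:\s*(?P<session_type>[^,]+),\s*"
    r"Duration:?\s*(?P<duration>[^,]+),\s*"
    r"Bytes xmt:\s*(?P<bytes_xmt>\d+),\s*"
    r"Bytes rcv:\s*(?P<bytes_rcv>\d+),\s*"
    r"Reason:\s*(?P<reason>.+?)\s*$",
    re.IGNORECASE,
)
# Assumed layout of the 722051 address-assignment message (angle brackets optional).
LOGIN_RE = re.compile(
    r"%ASA-4-722051:\s*Group\s+<?(?P<group>[^>\s]+)>?\s+"
    r"User\s+<?(?P<username>[^>\s]+)>?\s+"
    r"IP\s+<?(?P<ip>[^>\s]+)>?",
    re.IGNORECASE,
)
DURATION_RE = re.compile(r"(?:(\d+)d\s*)?(\d+)h:(\d+)m:?(\d+)s")


def duration_seconds(text):
    """Convert '0h:00m:23s' or '1d 2h:03m:04s' to seconds; None if unparseable."""
    m = DURATION_RE.search(text)
    if not m:
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def build_sessions(lines):
    """Return one record per 113019 line, cross-checked against the last 722051 IP."""
    login_ip = {}   # username -> public IP seen when the address was assigned
    sessions = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            login_ip[m["username"].lower()] = m["ip"]
            continue
        m = DISCONNECT_RE.search(line)
        if not m:
            continue  # unrelated syslog/debug line
        rec = {k: v.strip() for k, v in m.groupdict().items()}
        rec["duration_seconds"] = duration_seconds(rec.pop("duration"))
        rec["bytes_xmt"] = int(rec["bytes_xmt"])
        rec["bytes_rcv"] = int(rec["bytes_rcv"])
        seen = login_ip.get(rec["username"].lower())
        rec["login_ip"] = seen
        # Only flag when a login IP is known; an unknown login is not a mismatch.
        rec["ip_mismatch"] = seen is not None and seen != rec["ip"]
        sessions.append(rec)
    return sessions


# Constructed sample input (documentation address ranges, hypothetical host "fw1").
SAMPLE_LINES = [
    "Dec 28 13:40:02 fw1 %ASA-4-722051: Group <vpngroup> User <test> "
    "IP <198.51.100.7> IPv4 Address <10.10.10.5> IPv6 address <::> assigned to session",
    "Dec 28 13:40:25 fw1 %ASA-4-113019: Group = vpngroup, Username = test, "
    "IP = 203.0.113.50, Session disconnected. Session Type: AnyConnect-Parent, "
    "Duration: 0h:00m:23s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested",
    "Dec 28 13:43:51 [IKEv1]Group = grp, Username = bob, IP = 192.0.2.9, "
    "Session is being torn down. Reason: Administrator Reset",
    "Dec 27 09:00:00 fw1 %ASA-4-722051: Group <vpngroup> User <alice> "
    "IP <198.51.100.20> IPv4 Address <10.10.10.6> IPv6 address <::> assigned to session",
    "Dec 28 11:03:04 fw1 %ASA-4-113019: Group = vpngroup, Username = alice, "
    "IP = 198.51.100.20, Session disconnected. Session Type: SSL, "
    "Duration: 1d 2h:03m:04s, Bytes xmt: 1048576, Bytes rcv: 2048, Reason: Idle Timeout",
]

if __name__ == "__main__":
    for s in build_sessions(SAMPLE_LINES):
        flag = "IP MISMATCH" if s["ip_mismatch"] else "ok"
        print(s["username"], s["ip"], s["duration_seconds"], s["reason"], flag)
```

Because 113019 is only written at disconnect, this gives completed-session history; records flagged as mismatched should take their source address from the login-side message instead.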

  • VPN session remains up but can no longer get to internal devices

    Our remote users in Germany are provided with a mixture of Vodafone 3G Mobile Connect Cards (PCMCIA) and "USB sticks" for cellular broadband access. Installed on their laptops is Vodafone's Mobile Connect Client & Cisco VPN client version 5.
    To connect, they first connect to Vodafone's "VPN access point" -- Vodafone's VPN only service offering. Once connected, they VPN into the network with the Cisco client. All users connect to a Cisco 3020 Concentrator.
    Users are able to access network resources, however, they lose connectivity after 5-10min. What's unusual is, it doesn't look like the VPN session drops since the padlock in the right hand corner remains locked; they just can't access network resources.
    To troubleshoot...
    a) We had a user establish a VPN session then immediately start a continuous ping to an internal device's IP address. The connection stayed up for 20min before requests started timing out.
    b) We enabled "IPSec over TCP" on the client and Concentrator side, no change.
    What could possibly be causing this behavior?

    Does Vodafone use Venturi Transport Protocol clients for Windows like Verizon's does with their EvDO cards? If so, we had to turn off and eventually uninstall the Venturi client software because it detrimentally interfered with IPsec traffic.
    -Gary

  • Monitoring Users session with specific profiles

    Hi,
    I created a specific profile that terminates a session with an idle time of 4 minutes. I would like to know how to monitor which sessions are being disconnected by Oracle.
    Thanks in advance,

    enable auditing by using
    alter system set audit_trail = db scope=spfile
    and bounce
    Then issue audit connect
    The dba_audit_session view will have the reason why the process was disconnected.
    Sybrand Bakker
    Senior Oracle DBA

  • Monitoring Oracle session with SQL_ID

    Hi All,
    How can I know a SQL_ID belonging to a user/schema in Oracle? Can anyone post me the query to find the SQL QUERY/SQL_ID belonging to a user session? I have googled but didn't get what I expected. Hope I get it here. We don't have OEM configured to monitor the session.
    Oracle DB version : 10.2.0.5
    OS version : IBM - AIX
    Regards,
    Imran Khan

    imran khan wrote:
    Hi All,
    How can I know a SQL_ID belonging to a user/schema in Oracle? Can anyone post me the query to find the SQL QUERY/SQL_ID belonging to a user session? I have googled but didn't get what I expected. Hope I get it here. We don't have OEM configured to monitor the session.
    Oracle DB version : 10.2.0.5
    OS version : IBM - AIX
    Regards,
    Imran Khan
    Look for SQL_ID below
    SQL> desc v$session
    Name                                      Null?    Type
    SADDR                                              RAW(4)
    SID                                                NUMBER
    SERIAL#                                            NUMBER
    AUDSID                                             NUMBER
    PADDR                                              RAW(4)
    USER#                                              NUMBER
    USERNAME                                           VARCHAR2(30)
    COMMAND                                            NUMBER
    OWNERID                                            NUMBER
    TADDR                                              VARCHAR2(8)
    LOCKWAIT                                           VARCHAR2(8)
    STATUS                                             VARCHAR2(8)
    SERVER                                             VARCHAR2(9)
    SCHEMA#                                            NUMBER
    SCHEMANAME                                         VARCHAR2(30)
    OSUSER                                             VARCHAR2(30)
    PROCESS                                            VARCHAR2(24)
    MACHINE                                            VARCHAR2(64)
    PORT                                               NUMBER
    TERMINAL                                           VARCHAR2(30)
    PROGRAM                                            VARCHAR2(48)
    TYPE                                               VARCHAR2(10)
    SQL_ADDRESS                                        RAW(4)
    SQL_HASH_VALUE                                     NUMBER
    SQL_ID                                             VARCHAR2(13)
    SQL_CHILD_NUMBER                                   NUMBER
    SQL_EXEC_START                                     DATE
    SQL_EXEC_ID                                        NUMBER
    PREV_SQL_ADDR                                      RAW(4)
    PREV_HASH_VALUE                                    NUMBER
    PREV_SQL_ID                                        VARCHAR2(13)
    PREV_CHILD_NUMBER                                  NUMBER
    PREV_EXEC_START                                    DATE
    PREV_EXEC_ID                                       NUMBER
    PLSQL_ENTRY_OBJECT_ID                              NUMBER
    PLSQL_ENTRY_SUBPROGRAM_ID                          NUMBER
    PLSQL_OBJECT_ID                                    NUMBER
    PLSQL_SUBPROGRAM_ID                                NUMBER
    MODULE                                             VARCHAR2(64)
    MODULE_HASH                                        NUMBER
    ACTION                                             VARCHAR2(64)
    ACTION_HASH                                        NUMBER
    CLIENT_INFO                                        VARCHAR2(64)
    FIXED_TABLE_SEQUENCE                               NUMBER
    ROW_WAIT_OBJ#                                      NUMBER
    ROW_WAIT_FILE#                                     NUMBER
    ROW_WAIT_BLOCK#                                    NUMBER
    ROW_WAIT_ROW#                                      NUMBER
    TOP_LEVEL_CALL#                                    NUMBER
    LOGON_TIME                                         DATE
    LAST_CALL_ET                                       NUMBER
    PDML_ENABLED                                       VARCHAR2(3)
    FAILOVER_TYPE                                      VARCHAR2(13)
    FAILOVER_METHOD                                    VARCHAR2(10)
    FAILED_OVER                                        VARCHAR2(3)
    RESOURCE_CONSUMER_GROUP                            VARCHAR2(32)
    PDML_STATUS                                        VARCHAR2(8)
    PDDL_STATUS                                        VARCHAR2(8)
    PQ_STATUS                                          VARCHAR2(8)
    CURRENT_QUEUE_DURATION                             NUMBER
    CLIENT_IDENTIFIER                                  VARCHAR2(64)
    BLOCKING_SESSION_STATUS                            VARCHAR2(11)
    BLOCKING_INSTANCE                                  NUMBER
    BLOCKING_SESSION                                   NUMBER
    FINAL_BLOCKING_SESSION_STATUS                      VARCHAR2(11)
    FINAL_BLOCKING_INSTANCE                            NUMBER
    FINAL_BLOCKING_SESSION                             NUMBER
    SEQ#                                               NUMBER
    EVENT#                                             NUMBER
    EVENT                                              VARCHAR2(64)
    P1TEXT                                             VARCHAR2(64)
    P1                                                 NUMBER
    P1RAW                                              RAW(8)
    P2TEXT                                             VARCHAR2(64)
    P2                                                 NUMBER
    P2RAW                                              RAW(8)
    P3TEXT                                             VARCHAR2(64)
    P3                                                 NUMBER
    P3RAW                                              RAW(8)
    WAIT_CLASS_ID                                      NUMBER
    WAIT_CLASS#                                        NUMBER
    WAIT_CLASS                                         VARCHAR2(64)
    WAIT_TIME                                          NUMBER
    SECONDS_IN_WAIT                                    NUMBER
    STATE                                              VARCHAR2(19)
    WAIT_TIME_MICRO                                    NUMBER
    TIME_REMAINING_MICRO                               NUMBER
    TIME_SINCE_LAST_WAIT_MICRO                         NUMBER
    SERVICE_NAME                                       VARCHAR2(64)
    SQL_TRACE                                          VARCHAR2(8)
    SQL_TRACE_WAITS                                    VARCHAR2(5)
    SQL_TRACE_BINDS                                    VARCHAR2(5)
    SQL_TRACE_PLAN_STATS                               VARCHAR2(10)
    SESSION_EDITION_ID                                 NUMBER
    CREATOR_ADDR                                       RAW(4)
    CREATOR_SERIAL#                                    NUMBER
    ECID                                               VARCHAR2(64)

  • CSM disconnects VPN sessions upon config deployment.

    CSM version 4.3 SP1
    Hi,
    I've noticed that while deploying configuration to our ASA5520 devices active VPN sessions are being disconnected.
    Has anyone noticed the same ?
    I've not found anything related in Cisco Forum.
    I also have not found anything related at Cisco BugToolkit.
    Thanks for help.
    Krzysztof

    and from asa device perspective (debug log):
    Dec 28 13:43:51 [IKEv1]Group = ******, Username = ****, IP = ****, Session is being torn down. Reason: Administrator Reset
    and lots more

  • Monitoring VPN Clients

    Hi guys,
    I have a need to monitor VPN clients where I have TMG 2010 as my VPN server.
    I just want to know from where clients initiate their VPNs. I mean their valid IPs, not the ones TMG gives them.
    Is there any third party software to do this?
    Thanks

    Hi,
    When configuring the VPN connection on the TMG server, which kind of IP address assignment method you had selected?
    If you select the static address pool, then the remote VPN clients would obtain IP addresses from this range.
    If you have a DHCP server and select the DHCP option, then the TMG firewall will request 10 IP addresses from the DHCP scope each time to assign its VPN interface an IP address and to assign IP addresses to the VPN clients.
    More information:
    Configuring VPN address assignment
    Best regards,
    Susie

  • Internet sessions, VPN session, and connections dropping frequently

    I'm in an apartment. This problem started about a week ago. All of my browser sessions, vpn session, and connections such as AIM or netflix drop frequently. I often have to click links twice to get a page to load. I have to reload videos a lot to get them to continue to stream. I am constantly signing in and out of AOL IM.
    I believe the problem has to do with several MoCs (coax connections) listed on my router page, and these MoCs have names of other people on them. Until I noticed them a week ago, I had only seen one MoC belonging to me listed on the router connection page.
    Thus, I think that something got crossed up or misconfigured in the ONT for my apartment complex. The gateway light on my router stays green as all of these problems happen.
    Pinging google.com, I get
    --- google.com ping statistics ---
    76 packets transmitted, 55 packets received, 27.6% packet loss
    round-trip min/avg/max/stddev = 31.282/39.339/48.217/3.548 ms
    Anyone seen this before and know how to get verizon to fix this?
    I have had nothing but problems with FIOS since getting it, and I have wasted a lot of time with their "customer support."

    I am sorry to hear about your connection problems. I have sent you a private message so we can get your information and look more deeply into your connection.
    Anthony_VZ

  • Can an AnyConnect VPN Session Survive a Logoff?

    I see that AnyConnect is a Service. We sometimes have issues with remotes losing their Windows passwords. When this happens, we have them log in locally, (with a non-domain account), then connect to the VPN, then logoff, (the Contivity VPN Session will stay established), then we reset their password, and they log in with their new password. Some VPNs use a feature called 'Logoff at Connect' to accomplish this. Any information would be greatly appreciated.

    To log off all AnyConnect Client and SSL VPN sessions, use the vpn-sessiondb logoff svc command in global configuration mode:
    vpn-sessiondb logoff svc. In response, the system asks you to confirm that you want to log off the VPN sessions. To confirm press Enter or type y. Entering any other key cancels the logging off.
    http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/administration/guide/22admin6.html#wp999635

  • Show vpn-session remote

    We currently have vpn-session-timeout none. We want to disconnect users if the session is inactive for 60 mins. How would I make this change, and are there any problems with this?

    vpn-idle-timeout   = the amount of time the vpn connection is idle ie. no activity seen on the tunnel, before it is disconnected
    vpn-session-timeout = the amount of time the VPN tunnel is allowed to stay up regardless of whether there is activity or not.
    This is for a specific user:
    hostname(config)# username anyuser attributes
    hostname(config-username)# vpn-session-timeout
    Hope this helps.
    Thanks
    Ajay

  • ASDM 7.1(1)52 device dashboard shows ghost VPN Sessions

    Hi,
    I just upgraded one of our 5520 ASA to serve ASDM 7.1(1)52 and noticed something interesting.
    When I look at Device Dashboard / VPN Sessions, I see, for example, 14 IPSec connections.
    BUT, if I click Details, I only get 10 real IPsec connections shown.
    I do not recall seeing this earlier, with older ASDM versions.
    Has anyone seen something similar or have any idea why this is happening?
    Cheers;
    -jra

    I looked around other ASA boxes and these ghost sessions truly seem to come with the new ASDM software.
    All boxes which have ASDM 6.2 show the correct count of IPSec connections on the main screen.
    All boxes which have ASDM 7.1 show 5 - 15 more IPSec connections than the details page / CLI shows.
