Using ASA for our VPN

I was curious if through the ASDM there is a way to show who was logged in last week and for how long?  I know through the CLI I can use the sh vpn-sessiondb l2l to see who is currently connected, but trying to get a report of its total use by user, day and hour??

Hi Dan,
The ASA doesn't keep any historical data of connections so it won't be possible.
You can view the users currently connected from the monitoring part of ASDM but you don't have any reporting capabilities.
Regards,
Nicolas

Similar Messages

  • I share a macbook with my other half and we both use it for our iphones. When syncing using the new software I now have all of her and my contacts on my phone.  I don't want her contacts! How do I get rid?

    I share a macbook with my other half and we both use it for our iphones. When syncing using the new software I now have all of her and my contacts on my phone.  I don't want her contacts! How do I get rid?

    Hi,
    You have 2 solutions:
    1 - You can use 2 differents icloud account
    2 - You use the same account but you don't sync yours contacts.
    You configure that in  Settings > icloud
    You activate or desactivate what you want.
    Have a nice day.

  • I have just started to use Muse for our design agency and learning how to build ourselves a new site, I have manged to create a basic lightbox which contains sliding images, what I need to do now is have a pop up window which goes into detail about the pr

    I have just started to use Muse for our design agency and learning how to build ourselves a new site, I have managed to create a basic lightbox which contains sliding images, what I need to do now is have a pop up window which goes into detail about the projects, what I would like is a piece of text  or icon that when you roll over it and then click a separate window pops up with additional information in, once finished reading the info you can then click to close the box, any advice on how to do this?

    The best way to do what you're asking is with the Composition widget. Start with the Tooltip preset, which, by default shows the info on rollover. You can change the option to show on click, which is what you're after. You can also add the close button or have the info disappear on rollout.
    David

  • AnyConnect using ASA for product evaluation

    Hello Security folks,
    I am evaluating Cisco Anyconnect VPN solution using ASA. I have few questions needs to be answered asap.
    1st-
    Can we combine business partners and employee client connections on a single ASA in a secure manner?
    2nd-
    How the Anyconnect functions for selecting the nearest gateway (optimized gateway selection) to a user works? - I have below link which has a very good explanation but I am looking for the best response.
    (https://supportforums.cisco.com/docs/DOC-15326)
    3rd-
    Can you please highlight the important features which are not supported in other vendors SSL solutions?
    Thanks & Regards,
    Deepak A.

    Karsten,
    That helps me. I think I can try to use Cisco IOS router where I can implement Anyconnect at the same time I can have VRF features too. But there are some limitations with the Cisco IOS as below, I will decide the best product satisfying my needs.
    Q. Is AnyConnect supported on Cisco IOS® devices?
        A. Yes.
        As of Cisco IOS Software Release 12.4(15)T in browser-initiated mode only as per the Release 12.4T New Security Features Notes.
        As of Cisco IOS Software Release 12.4(20)T, standalone mode is also supported.
        For more information, refer to SSL VPN Remote User Guide.
        Notes:
            Support for DTLS is introduced from Cisco IOS version 15.1(2)T. Refer to the svc dtls command for more information.
            Client keepalives are not supported on Cisco IOS devices until the 12.4(20)T release.
            Updates to the hardware crypto that can cause disconnects have been resolved with 12.4(T2) for 87x platforms.
           Start Before Logon is currently not supported by Cisco IOS.
    Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
        A. No. It is not possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router. AnyConnect on iPad/iPhone can connect only to an ASA that runs version 8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN Client for Apple iOS.

  • My business want to start using iPhones for our field techs is there a simple and inexpensive way to manage multiple phones?

    I am a service manager for a small HVAC company, we want to issue iPones for our field staff (15) people, is there a simple management software out there that is also cost effective, I have used an iPhone for years, but have no experience with enterprise management, so simple would be best. Thanks for any help you can give.

    If you are running MS Exchange for mail, you can use the Exchange management console to perform remote wipes.
    We have used Casper for mac desktop management to good effect, I believe they offer more advanced remote management for iphones.
    FWIW, we just used the Apple Iphone Configuration utility to build config profiles...
    http://support.apple.com/kb/DL852 (for windows, there is a mac ver avail)

  • Use SNMP for RA VPN User

    Hi,
    In report to the document, https://supportforums.cisco.com/docs/DOC-13299 i would like to know if you have
    a solution to get VPN username who are connecting on my VPN with snmp command.
    My device is an ASA 5510 with ASA Version 8.2
    Thanks for your reply

    Hi,
    In report to the document, https://supportforums.cisco.com/docs/DOC-13299 i would like to know if you have
    a solution to get VPN username who are connecting on my VPN with snmp command.
    My device is an ASA 5510 with ASA Version 8.2
    Thanks for your reply

  • A question about Using RSL for our Intranet Application

    Hi ,
    I am doing an Intranet Application (Which will be used only with in the Employees of the  Organization)
    We want to RSL as read that it will improve the performance of the swf files .
    Please let us know what type of RSL (like Standard RSLs , Cross-domain RSLs or Framework RSL)
    Suppourt us ??
    Can anybody let me know how can i provide RSL facility for my Application .
    Thanks in advnace .

    Thanks for the information .
    As you mentioned:
    RSLs are only useful if more than one SWF is going to share it.
    Our Intranet Application is divided into several Modules , but under only one APPlication MMXL file . So will this be useful for us in any way ??
    Thanks .
    Waiitng for your resposne .

  • Catch problem for JSPs, can't i use Oracle9iAS for our  Application ?

    Hi,
    I have deployed .ear file by using OC4J. I am facing catch problem, in defferent situations.
    1. We used pager tag library for search nagivation, it is not working proper.
    2. 'Creation of new object(in my case enterprise,certificate,role etc.)' is not working
    properly. What ever i try to create it is giving Error in
    TrainiumPKCallBean :javax.ejb.DuplicateKeyException: Entity already exists
    3. And some of my pages not giving proper results, but if i edit that .jsp file, then it
    gives correct request for that time. If i want correct result, then again i have to edit and
    save that page.
    I belive all the above problems are coming due to catch.
    If this problem continues, we can't use Oralce9iAs.
    please give me solution..
    thanks in advance
    srinivas.

    Hi Srinivas,
    I must admit, I had difficulty understanding your question. With your
    permission, I'll try and rephrase it. Hopefully I have understood it
    correctly, and can offer something constructive.
    I assume that "TrainiumPKCallBean" is a CMP entity bean. You are invoking
    the "create()" method in that bean's home interface from your JSP, correct?
    When you invoke the "create()" method of a CMP entity bean's home interface,
    OC4J will try and insert a row into the relevant database table(s).
    A "DuplicateKeyException" means that OC4J is trying to insert a row
    that has a primary key of an already existing row in the database
    table. The only way to avoid the "DuplicateKeyException" is either
    try to use a different primary key value, or delete the row from the
    database table with the primary key that you are trying to insert.
    So I suppose that by editing the JSP, you are changing the primary
    key value to something that doesn't already exist in the database.
    Unfortunately, based on the (lack of) information you have supplied,
    I can't offer anything else -- sorry {:-(
    If you wouldn't mind supplying the following information -- it may
    help me to help you solve your problem(s).
    1. Version of OC4J
    2. JDK version
    3. Operating system
    4. Complete error message and stack trace
    5. Part(s) of the code that are causing the problem
    Good Luck,
    Avi.

  • Recently facebook is in a long straight line when we are on Firefox when we use it for our browser,it works on int. explorer

    We used firefox all the time, but recently our facebook is totally changed. It works fine on internet explorer but I don't want to use that.

    Reload web page(s) and bypass the cache.
    * Press and hold Shift and left-click the Reload button.
    * Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
    * Press "Cmd + Shift + R" (MAC)
    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.com/kb/Safe+Mode
    *https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes

  • Which device for L2L VPN

    Today we are using a pair, for redundancy, of 2800 routers with crypto cards (AIM-VPN/SSL2) for our VPN Lan2Lan tunnels. The routers can terminate in different VRFs (VRF aware IPsec).
    But one thing we are having quite an issue with is configuration. We have to remember to put configuration on both devices individually, which we tend to forget from time to time. And as far as I know they are not able to sync configuration. But I could be wrong...
    I know that the ASA can, but then we have to have a lot of contexts which is quite expensive, and brings quite an amount of configuration each time we configure a new context.
    It is possible to find some devices that can handle VRF aware IPsec as well as single device configuration?
    Kind regards,
    Robert Pedersen

    Jeffin,
    All Jetpacks are not designed to be left online 24x7.  Jetpacks are mobile broadband devices designed for short usage in traveling situations.  If you attempt to treat your Jetpack as a normal home modem or router you will have lots of complaints about its performance.
    VZW offers a few other products that would be better suited for this scenario. The best would be a USB modem and router combo from pepwave or cradlepoint.  Reviews always appear to be the best with those devices.  VZW also offers its own 4G LTE router which would perform better than a Jetpack too.  HomeFusion is normally the best choice for home internet replacement but installation and maintenance may not be ideal for you as a remote home user. 
    Granted anything that depends on wireless tech is going to need to be rebooted every now and then.  Leaving a wireless connection in a location that you do not have common physical access to could be a chore to maintain.  It might be a good idea to find a neighbor in your neighborhood who you trust a key with and work out a deal where you are able to call them and have them reboot you every now and then.

  • ASA for beginner

    Hi,
    I recently move into security devices using ASA for VPN & Firewall . Lots of choices book available from CiscoPress. Any suggestion either books or technical training?
    Thanks in advance.       
    MA.          

    I own the one by David Hucaby:
    http://www.ciscopress.com/bookstore/product.asp?isbn=1587054574
    Even though it was published five years ago it does a good job of covering the breadth of the product's capabilities.
    If you are trying for certification, you may want to supplement your reading with one of the CCNP Security certification guides (VPN and Firewall), Those have both been updated in 2011 and 2012 respectively and thus cover the newer syntax in ASA 8.3+ code.
    http://www.ciscopress.com/bookstore/product.asp?isbn=1587204479
    http://www.ciscopress.com/bookstore/product.asp?isbn=0132748355

  • CISCO NAC deployment with ASA for internal servers (DMZ)

    We have deployed cisco ASA for our clients access to DMZ servers few months ago. Now we want to integrate cisco NAC solution without removing ASA
    from infrastructure. What will be the best deployment mode of cisco NAC so that clients can also pass through cisco ASA access list also for filtering before reaching to dmz servers.
    what gateway clients will use. Plz help.
    Should i use Virtual Gateway or Real Gateway for NAC. Client should first come to NAC(CAS) and then through ASA to reach DMZ servers.

    Hello,
    This should work. Please review the attached PDF for more clarity on this topic: https://supportforums.cisco.com/docs/DOC-9102
    HTH,
    Faisal

  • Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

    OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
    What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
    Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
    When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
    Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
    The ASA is connected to a checkpoint sub interface
    Any help would be beneficial as im new to cisco ASAs 
    Thanks
    Mark

    Mark
    If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
    HTH
    Rick

  • Two external interfaces; one to be used for outboud; second to be used for incoming VPN\Web traffic.

    I'm configuring our ASA and we have two AT&T circuits which we're only using one with our current Juniper firewall. I know the ASA doesn't support policy based routing so I'm wondering if the following hypothetical "config" is possible.
    External Interfaces:
    OUT_01 - 12.133.X.X
    OUT_02 - 201.61.X.X
    I would route all internal traffic to go out through OUT_01.
    We have over 5 site-to-site VPN and 30 external facing servers.  Could I use OUT_2 to configure all the inbound connections for the VPN and NAT rules?

    You can configure the ASA to allow asynchronous routing, as you are describing, by configuring TCP bypass.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_tcpstatebypass.html
    What this will do is you will still need to send traffic out one interface but the ASA will accept return traffic on either of the outside interfaces.  Configuring this can be a security risk as the ASA will ignor the state table.
    Or you could wait until ASA version 9.4 which will have support for PBR.  Ofcourse this is the first version that will support it, so don't be suprised if it has a few bugs.
    Please remember to select a correct answer and rate helpful posts

  • Using ASA 5510 and router for dual WAN Connections.

    Guys, neeed some help here:
    Context:
    1- My company has one ASA 5510 configured with Site-to-site VPN, Ipsec Cisco VPN and AnyConnect VPN.
    2- We use ASA to connect to the single ISP (ISP 1) for internet access. ASA does all the NATing for internal users to go out.
    3- A second link is coming in and we will be using ISP 2 to loadbalance traffic to internet (i.e. business traffic will go via ISP1 and “other” traffic will go via ISP2).
    4- A router will be deployed in front of the ASA to terminate internet links.
    5- No BGP should be used to implement policy (traffic X goes via ISP1, traffic Y goes via ISP2).
    Questions:
    How do I get this done, particularly, how do I tell the router, for traffic X use ISP1 and for traffic Y use ISP2? PBR is my friend?
    Since I will be having 2 public Ip Addresses from the 2 ISPs, how do I NAT internal users to the 2 public Ip addresses ?.
    Finally, which device should be doing the NATing? The ASA just like now or move NATing to the Router?
    Thanks
    Ndaungwe

    Hi,
    Check the below link, it gives information on trasperant fw config and limilations. Based on the doc, you may need to move the VPN /anyconnect to router as well. From the routr end you may be able to set up static routes pointing to diff ISP based on traffic needs but this will be compleicated setup and can break things. Wait for other suggestions or if possible stick to ASA to terminate both links and still route the traffic to diff ISPs (Saves the router cost as well).
    http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml
    Thx
    MS

Maybe you are looking for