VPN logs
I have a question about VPN logs that I can't seem to find in the documentation. How long does Leopard server keep the VPN logs for? I only have one file in /var/log/ppp/ called vpnd.log, however, some of the older entries are now missing. Is this normal behavior for OS X server or should I be concerned that older entries are now gone?
If it is normal, do the old entries get copied to another file? If so, where? And, is there a way to customize this behavior?
Thanks.
I do not believe anything is by default configured to rotate or otherwise clean this logfile.
If older entries are being removed, that is news to me and I would love to hear more..
What I do is edit (as sudo/root) /etc/newsyslog.conf and added the following line
/var/log/ppp/vpnd.log 640 1 200 * J
You can read more in the man page or decern the syntax from reading other entries..
I hope this helps..
Similar Messages
-
WRVS4400N [VPN log]: shutting down
Ive setup a few WRVS4400N over the past 6 months, and have been receiving the below message from some of them every couple of hours.
What does the message indicate? Any action to take?
Thanks
+++++++++++++++++++++++++++++++
Sep 18 07:03:35 - [VPN Log]: shutting down
Sep 18 07:03:35 - IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 18 07:03:37 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Sep 18 07:03:37 - [VPN Log]: @(#) built on May 10 2011:17:24:48:
Sep 18 07:03:37 - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
Sep 18 07:03:37 - [VPN Log]: port floating activation criteria nat_t1/port_fload1
Sep 18 07:03:37 - [VPN Log]: including NAT-Traversal patch (Version 0.6c)
Sep 18 07:03:37 - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret0)
Sep 18 07:03:37 - [VPN Log]: starting up 1 cryptographic helpers
Sep 18 07:03:37 - [VPN Log]: started helper pid 739 (fd:5)
Sep 18 07:03:37 - [VPN Log]: Using KLIPS IPsec interface code on 2.4.27-star
Sep 18 07:03:37 - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 18 07:03:37 - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
Sep 18 07:03:37 - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Sep 18 07:03:37 - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
Sep 18 07:03:37 - [VPN Log]: Warning: empty directory
+++++++++++++++++++++++++++++++And im also getting this for an RVS4000
Sep 25 18:27:42 - Receive NTP Reply from ntp-1.mcs.anl.gov
Sep 25 18:27:46 - [VPN Log]: shutting down
Sep 25 18:27:47 - IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 25 18:27:48 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Sep 25 18:27:48 - [VPN Log]: @(#) built on May 12 2011:16:06:15:
Sep 25 18:27:48 - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
Sep 25 18:27:48 - [VPN Log]: port floating activation criteria nat_t1/port_fload1
Sep 25 18:27:48 - [VPN Log]: including NAT-Traversal patch (Version 0.6c)
Sep 25 18:27:48 - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret0)
Sep 25 18:27:48 - [VPN Log]: starting up 1 cryptographic helpers
Sep 25 18:27:48 - [VPN Log]: started helper pidW48 (fd:5)
Sep 25 18:27:48 - [VPN Log]: Using KLIPS IPsec interface code on 2.4.27-star
Sep 25 18:27:48 - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 25 18:27:48 - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
Sep 25 18:27:48 - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Sep 25 18:27:48 - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
Sep 25 18:27:48 - [VPN Log]: Warning: empty directory -
WRVS4400N w/VPN - Logging websites visited with IP addresses or usernames?
I just recently added this new router to my network, it does much better than our old one (a motorola modem/router)
I want to see the websites and web activity performed by my employees with this network. I was told that it was available and before i did the firmware upgrade, i thought i was able to (under VPN log) anyways I am a n00b with this, can anyone help me understand how to view activity logs. (I can view ACL, but not VPN or system)Thank you for responding to my cry for help, David.
I'm confused, though. I thought that's what the access-list 190 does. Are you saying I need a second ip route statement? Or, am I missing an access list item that allows that traffic back out from the LAN to the vpn users?
In a nutshell, I'm not sure how to implement your suggestion. If possible, could you give me an example?
Thanks again!
Dave -
Hello
The RV320 logs are very poor to troubleshoot VPN issues, even with external syslog facility, at the maximum log level the device does not log any VPN event.
Is there a way to increase the log level?
Is there a separate syslog facility local# for VPN?
Where to get extensive documentation about syslog facilities numbers used by RV320?
Thank youCisco support team is trying to fix this up, but it's not working
They managed to build a working tunnel but that's not the point, we need VPN logs, period.
It looks like the device only starts VPN log after a succesfull VPN connection, making the device impossible to setup, diagnose or monitor failed VPN connections. This is a no go.
using external syslog does not help, the only VPN related output I get in log is :
Oct 22 12:32:18 10.0.0.254 VPN Log: [g2gips0]: [Tunnel Disconnected]
what I should get (and is a must have) would be :
2014-10-20, 05:15:31
VPN Log
[g2gips2] #11: [Tunnel Established] ISAKMP SA established
2014-10-20, 05:15:54
VPN Log
[g2gips2] #14: [Tunnel Established] sent MR3, ISAKMP SA established
2014-10-20, 05:15:55
VPN Log
[g2gips2]: cmd=up-client peer=62.176.126.28 peer_client=192.168.1.0/24 peer_client_net=192.168.1.0 peer_client_mask=255.255.255.0
2014-10-20, 05:15:55
VPN Log
ip route add 192.168.1.0/24 via 88.161.221.254 dev eth1 metric 35
2014-10-20, 05:15:55
VPN Log
iptables -t nat -I vpn -s 10.0.0.0/24 -d 192.168.1.0/24 -j ACCEPT
2014-10-20, 05:15:55
VPN Log
iptables -t nat -I vpn -s 192.168.1.0/24 -d 10.0.0.0/24 -j ACCEPT
2014-10-20, 05:15:55
VPN Log
iptables -t nat -I vpn_postrouting -s 10.0.0.0/24 -d 192.168.1.0/24 -j ACCEPT
2014-10-20, 05:15:55
VPN Log
iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.1.0/24 -d 10.0.0.0/24 -j ACCEPT
2014-10-20, 05:15:55
VPN Log
[g2gips2] #15: [Tunnel Established] IPsec SA established {ESP=>0xc570a9c8 < 0xc43d09ba}
2014-10-20, 05:16:53
VPN Log
[g2gips2] #15: [Tunnel Negotiation Fail] DPD: Could not find newest phase 1 state
2014-10-20, 05:26:44
User Log
User cisco Session Expired
2014-10-20, 06:14:42
VPN Log
[g2gips2] #16: [Tunnel Established] sent MR3, ISAKMP SA established
2014-10-20, 06:14:42
VPN Log
[g2gips2] #17: [Tunnel Established] IPsec SA established {ESP=>0xc0931255 < 0xc928b34e}
2014-10-20, 06:14:42
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc570a9c8) not found (maybe expired)
2014-10-20, 07:13:34
VPN Log
[g2gips2] #18: [Tunnel Established] IPsec SA established {ESP=>0xcea6223a < 0xcfbc92ba}
2014-10-20, 07:13:34
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc0931255) not found (maybe expired)
2014-10-20, 08:12:20
VPN Log
[g2gips2] #19: [Tunnel Established] IPsec SA established {ESP=>0xcdb2138d < 0xcfa80369}
2014-10-20, 08:12:20
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcea6223a) not found (maybe expired)
2014-10-20, 09:11:09
VPN Log
[g2gips2] #20: [Tunnel Established] IPsec SA established {ESP=>0xc5aeba36 < 0xcd182a7c}
2014-10-20, 09:11:09
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcdb2138d) not found (maybe expired)
2014-10-20, 10:09:57
VPN Log
[g2gips2] #21: [Tunnel Established] IPsec SA established {ESP=>0xc862dbe2 < 0xc68a5a29}
2014-10-20, 10:09:57
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc5aeba36) not found (maybe expired)
2014-10-20, 11:08:45
VPN Log
[g2gips2] #22: [Tunnel Established] IPsec SA established {ESP=>0xc8c5d191 < 0xc7009873}
2014-10-20, 11:08:45
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc862dbe2) not found (maybe expired)
2014-10-20, 12:07:29
VPN Log
[g2gips2] #23: [Tunnel Established] IPsec SA established {ESP=>0xcbb5aca6 < 0xc087d294}
2014-10-20, 12:07:29
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc8c5d191) not found (maybe expired)
2014-10-20, 13:06:16
VPN Log
[g2gips2] #24: [Tunnel Established] IPsec SA established {ESP=>0xce08b895 < 0xca8ee98b}
2014-10-20, 13:06:16
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcbb5aca6) not found (maybe expired)
2014-10-20, 14:05:03
VPN Log
[g2gips2] #25: [Tunnel Established] IPsec SA established {ESP=>0xc84ace20 < 0xc66ee4e5}
2014-10-20, 14:05:03
VPN Log
[g2gips2] #16: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xce08b895) not found (maybe expired)
2014-10-20, 14:13:46
VPN Log
[g2gips2] #26: [Tunnel Established] sent MR3, ISAKMP SA established
2014-10-20, 15:03:54
VPN Log
[g2gips2] #27: [Tunnel Established] IPsec SA established {ESP=>0xc8808731 < 0xc6aaaf12}
2014-10-20, 15:03:54
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc84ace20) not found (maybe expired)
2014-10-20, 16:02:47
VPN Log
[g2gips2] #28: [Tunnel Established] IPsec SA established {ESP=>0xc20db40f < 0xcbcbb7c5}
2014-10-20, 16:02:47
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc8808731) not found (maybe expired)
2014-10-20, 17:01:39
VPN Log
[g2gips2] #29: [Tunnel Established] IPsec SA established {ESP=>0xc8f8b88c < 0xc87177ac}
2014-10-20, 17:01:39
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc20db40f) not found (maybe expired)
2014-10-20, 18:00:24
VPN Log
[g2gips2] #30: [Tunnel Established] IPsec SA established {ESP=>0xc24edeb7 < 0xc31180a7}
2014-10-20, 18:00:24
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc8f8b88c) not found (maybe expired)
2014-10-20, 18:59:12
VPN Log
[g2gips2] #31: [Tunnel Established] IPsec SA established {ESP=>0xcf388896 < 0xcca051f9}
2014-10-20, 18:59:12
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc24edeb7) not found (maybe expired)
2014-10-20, 19:57:59
VPN Log
[g2gips2] #32: [Tunnel Established] IPsec SA established {ESP=>0xcb12a9c8 < 0xc6d3e8a4}
2014-10-20, 19:57:59
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcf388896) not found (maybe expired)
2014-10-20, 20:56:46
VPN Log
[g2gips2] #33: [Tunnel Established] IPsec SA established {ESP=>0xcdc041c8 < 0xc69fa232}
2014-10-20, 20:56:46
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcb12a9c8) not found (maybe expired)
2014-10-20, 21:55:36
VPN Log
[g2gips2] #34: [Tunnel Established] IPsec SA established {ESP=>0xc4f97df6 < 0xc4a67abd}
2014-10-20, 21:55:36
VPN Log
[g2gips2] #26: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcdc041c8) not found (maybe expired)
2014-10-20, 22:12:56
VPN Log
[g2gips2] #35: [Tunnel Established] sent MR3, ISAKMP SA established
2014-10-20, 22:54:27
VPN Log
[g2gips2] #36: [Tunnel Established] IPsec SA established {ESP=>0xc3716585 < 0xc41ab42b}
2014-10-20, 22:54:27
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc4f97df6) not found (maybe expired)
2014-10-20, 23:53:13
VPN Log
[g2gips2] #37: [Tunnel Established] IPsec SA established {ESP=>0xcfc747c8 < 0xc5994856}
2014-10-20, 23:53:13
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc3716585) not found (maybe expired)
2014-10-21, 00:51:58
VPN Log
[g2gips2] #38: [Tunnel Established] IPsec SA established {ESP=>0xcf4ea957 < 0xc566c6d3}
2014-10-21, 00:51:58
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcfc747c8) not found (maybe expired)
2014-10-21, 01:50:48
VPN Log
[g2gips2] #39: [Tunnel Established] IPsec SA established {ESP=>0xc4f4ddc5 < 0xc852f0a8}
2014-10-21, 01:50:48
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcf4ea957) not found (maybe expired)
2014-10-21, 02:49:33
VPN Log
[g2gips2] #40: [Tunnel Established] IPsec SA established {ESP=>0xc4d14f63 < 0xc841322e}
2014-10-21, 02:49:33
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc4f4ddc5) not found (maybe expired)
2014-10-21, 03:48:17
VPN Log
[g2gips2] #41: [Tunnel Established] IPsec SA established {ESP=>0xcab61c1d < 0xc8e06d65}
2014-10-21, 03:48:17
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc4d14f63) not found (maybe expired)
2014-10-21, 04:47:10
VPN Log
[g2gips2] #42: [Tunnel Established] IPsec SA established {ESP=>0xcc4d0867 < 0xc5370a2f}
2014-10-21, 04:47:10
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcab61c1d) not found (maybe expired)
2014-10-21, 05:45:57
VPN Log
[g2gips2] #43: [Tunnel Established] IPsec SA established {ESP=>0xcb8459a9 < 0xcab43b24}
2014-10-21, 05:45:57
VPN Log
[g2gips2] #35: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcc4d0867) not found (maybe expired)
2014-10-21, 06:12:00
VPN Log
[g2gips2] #44: [Tunnel Established] sent MR3, ISAKMP SA established
2014-10-21, 06:44:47
VPN Log
[g2gips2] #45: [Tunnel Established] IPsec SA established {ESP=>0xc1d633d9 < 0xc5b9214f}
2014-10-21, 06:44:47
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcb8459a9) not found (maybe expired)
2014-10-21, 07:43:37
VPN Log
[g2gips2] #46: [Tunnel Established] IPsec SA established {ESP=>0xc8a6235e < 0xc549a18d}
2014-10-21, 07:43:37
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc1d633d9) not found (maybe expired)
2014-10-21, 08:42:28
VPN Log
[g2gips2] #47: [Tunnel Established] IPsec SA established {ESP=>0xc563592a < 0xc033e13d}
2014-10-21, 08:42:28
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc8a6235e) not found (maybe expired)
2014-10-21, 09:41:12
VPN Log
[g2gips2] #48: [Tunnel Established] IPsec SA established {ESP=>0xc6c5e0b6 < 0xc9acd1e2}
2014-10-21, 09:41:12
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc563592a) not found (maybe expired)
2014-10-21, 10:40:03
VPN Log
[g2gips2] #49: [Tunnel Established] IPsec SA established {ESP=>0xc49d311a < 0xca8961e8}
2014-10-21, 10:40:03
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc6c5e0b6) not found (maybe expired)
2014-10-21, 11:38:53
VPN Log
[g2gips2] #50: [Tunnel Established] IPsec SA established {ESP=>0xc682b92b < 0xc01e3e5f}
2014-10-21, 11:38:53
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc49d311a) not found (maybe expired)
2014-10-21, 12:37:41
VPN Log
[g2gips2] #51: [Tunnel Established] IPsec SA established {ESP=>0xc0e9d4eb < 0xc0c1b26a}
2014-10-21, 12:37:41
VPN Log
[g2gips2] #44: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc682b92b) not found (maybe expired)
2014-10-21, 13:36:29
VPN Log
[g2gips2] #52: [Tunnel Established] IPsec SA established {ESP=>0xc424276a < 0xc0467e19} -
Odd Site-to-Site VPN Log Activity
I have two rv016s connected site-to-site to Netgear FVS114 and FVS124G. But while the SA lifetimes are set for 3600, I'm seeing tunnel activity in the logs almost every minute like this:
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = da651654
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = fe2d6610
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
Mar 1 12:05:09 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Mar 1 12:05:09 2014
VPN Log
initiating Quick Mode PSK+ENCRYPT+TUNNEL+NAT-T to replace #865
Mar 1 12:05:01 2014
VPN Log
Informational Exchange message is invalid because it has a previously used Message ID (0x8cf47d5c)
Mar 1 12:05:01 2014
VPN Log
Informational Exchange message is invalid because it has a previously used Message ID (0x8cf47d5c)
Mar 1 12:05:00 2014
VPN Log
Discarding duplicate packet; already STATE_MAIN_I4
Mar 1 12:04:53 2014
VPN Log
Informational Exchange message is invalid because it has a previously used Message ID (0x8cf47d5c)
Mar 1 12:04:49 2014
VPN Log
ignoring Delete SA payload: ISAKMP SA not found (maybe expired)
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] Responder Cookies = 0ac d08f fcfe 73f
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] Initiator Cookies = 4e7c fa42 a059 c577
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Mar 1 12:04:00 2014
VPN Log
Main mode peer ID is ID_IPV4_ADDR: '10.168.2.2'(This is the Netgear IP address behind another router)
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
Mar 1 12:04:00 2014
VPN Log
[Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
Mar 1 12:03:59 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
Mar 1 12:03:59 2014
VPN Log
[Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
Mar 1 12:03:59 2014
VPN Log
Ignoring Vendor ID payload [648982785bedbdd6...]
Mar 1 12:03:59 2014
VPN Log
Received Vendor ID payload Type = [Dead Peer Detection]
Mar 1 12:03:59 2014
VPN Log
Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
Mar 1 12:03:59 2014
VPN Log
[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Mar 1 12:03:59 2014
VPN Log
Initiating Main Mode to replace #863
Mar 1 12:03:32 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:03:28 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:03:28 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Mar 1 12:03:27 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Mar 1 12:03:27 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = c582ca66
Mar 1 12:03:27 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = fe2d660f
Mar 1 12:03:27 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Mar 1 12:01:10 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:00:31 2014
VPN Log
Informational Exchange message is invalid because it has a previously used Message ID (0xf14a5b81)
Mar 1 12:00:28 2014
VPN Log
ignoring Delete SA payload: ISAKMP SA not found (maybe expired)
Mar 1 12:00:09 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Here's another one that just seems like it's going bezerk with establishing tunnels:
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = ee1d9944
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = ea54adfc
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] Responder Cookies = e7bb 8999 0bb 55f1
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] Initiator Cookies = 1a2 43e6 50e7 c24b
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Mar 1 12:30:49 2014
VPN Log
Main mode peer ID is ID_IPV4_ADDR: '69.73.703.187'
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Mar 1 12:30:49 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Mar 1 12:30:48 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Mar 1 12:30:48 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Mar 1 12:30:48 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:48 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Mar 1 12:30:48 2014
VPN Log
received Delete SA payload: deleting ISAKMP State #11132
Mar 1 12:30:45 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:45 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:45 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:45 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:40 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = 9afb9a70
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = ea54adfb
Mar 1 12:30:36 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] Responder Cookies = f39f a167 9a76 a182
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] Initiator Cookies = 3e15 253 fde4 3a35
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Mar 1 12:30:35 2014
VPN Log
Main mode peer ID is ID_IPV4_ADDR: '69.73.703.187'
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Mar 1 12:30:35 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Mar 1 12:30:34 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:34 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Mar 1 12:30:34 2014
VPN Log
received Delete SA payload: deleting ISAKMP State #11130
Mar 1 12:30:31 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:31 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:31 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:31 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:31 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:26 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:26 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:26 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:26 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:26 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = 9a21d322
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = ea54adfa
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Responder Cookies = 33d1 9cc0 a279 7d4d
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Initiator Cookies = fff2 8d26 78e4 4845
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Mar 1 12:30:22 2014
VPN Log
Main mode peer ID is ID_IPV4_ADDR: '69.73.703.187'
Mar 1 12:30:22 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:21 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Mar 1 12:30:21 2014
VPN Log
received Delete SA payload: deleting ISAKMP State #11128
Mar 1 12:30:18 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:18 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:18 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:13 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:13 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:13 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:13 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:13 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Outbound SPI value = f4dc2980
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Inbound SPI value = ea54adf9
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Responder Cookies = be4b c078 afac 9ef6
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Initiator Cookies = 7c8e dd4d a0db 71d2
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Mar 1 12:30:08 2014
VPN Log
Main mode peer ID is ID_IPV4_ADDR: '69.73.703.187'
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Mar 1 12:30:08 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Mar 1 12:30:07 2014
VPN Log
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Mar 1 12:30:07 2014
VPN Log
[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Mar 1 12:30:07 2014
VPN Log
received Delete SA payload: deleting ISAKMP State #11126
Mar 1 12:30:04 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:04 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:04 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:04 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:04 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:00 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:00 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
Mar 1 12:30:00 2014
VPN Log
Discarding duplicate packet; already STATE_QUICK_R2
I've highlighted in yellow all the things that I think are odd on the first one. Almost everything on the second one is odd to me. Any ideas why there's so much re-negotiation?
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.comSamir,
The logs are interesting. I would like to see the tunnel settings on the RV016 and Netgear. Can you post some screenshots? (Mask sensitive information)
- Marty -
Need to format a vpn log text file into a format that can be written directly to a SQL table
I am trying to do two thing inside of powershell
1. Take a vpnlog text file "C:\temp\ps3\vpnlogs\testlog.txt" formatted as such and be able to directly add the columns to a sql table
"Number" "Date" "Time" "Interface" "Origin" "Type" "Action" "Service" "Source Port" "Source" "Destination" "Protocol" "Rule"
"Rule Name" "Current Rule Number" "User" "Information" "Product" "Source Machine Name" "Source User Name"
"291" "29Nov2013" "23:59:00" "" "A*****" "Log" "Log In" "" "" "111.*.*.* " "A*****" "" "" "" "" "pet*******"
"VPN internal source IP: 192.*.*.*; reason: disconnected from gateway" "Security Gateway/Management" "" ""
2. Remove the empty colums in this text file so that I can then find a way to upload only colums that have a column name directly up to the sql table via a powershell script .
SO basically import txt file format it into colums that have data that can then be directly written to a sql table without me having to manually create the columns in the table. if this worked correctly the sql table would be uploaded with the colums and
data from sql.
I can do the upload portion with the below listed powershell command however when I import the following file into powershell I have to manually import the testlog.txt into excel then save as a csv to upload... not to mention I had to
manually create the columns in the sql table so that it imports correctly.
get-content "C:\temp\ps3\vpnlogs\testlog.txt" I can not get the data to format correctly without manually importing it into the logfiledata.csv.
$dt=Import-Csv-Path"C:\temp\ps3\vpnlogs\logfiledata.csv"|Out-DataTable
Write-DataTable -ServerInstance"myserver"-Database"mydata"-TableName"dbo.VPNLOGS"-Data$dt
I also have tried this to format the text file but it's not working the way I thought it should, but I don't want to have to create the .CSV file if I can avoid it I would rather take the data in powershell formatted and use the colums to
get-content"C:\temp\ps3\vpnlogs\testlog.txt"|Foreach-Object{
($_
-replace'"',',')
} |Set-Content"C:\temp\ps3\vpnlogs\testlog2.csv"
| Import-Csv
"C:\temp\ps3\vpnlogs\testlog2.csv"|selectNumber,date,time,interface,origin,type,action,service,"source
port",source,destination,protocol,rule,"rule
name","current
rule number",user,information,product,"source
machine name","source
user name"
"Number" "Date" "Time" "Interface" "Origin" "Type" "Action"
"Service" "Source Port" "Source" "Destination" "Protocol" "Rule" "Rule Na
me" "Current Rule Number" "User" "Information" "Product" "Source Machine Name" "Source User Name"
"473" "4Dec2013" "23:59:01" "" "AAMESXF604" "Log" "Log In" "" "" "ip72-198-30-53.ok.ok.cox.net" "AAMESXF604" "" "" ""
"" "usthompst"Thank you Mjolinor this seems to have given me a good output, now do you know of a method using the out-datable and write-datatable that I can use to directly upload the objects and data. Really I do not want to have to create another file at this
point I would like to take all of this info and now write it directly to my SQL-Table...
TypeName: Selected.System.Management.Automation.PSCustomObject
Name MemberType Definition
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
Action NoteProperty System.String Action=Log In
Current Rule Number NoteProperty System.String Current Rule Number=
Date NoteProperty System.String Date=4Dec2013
Destination NoteProperty System.String Destination=******
Information NoteProperty System.String Information=VPN internal source IP: *.*.*.*; reason: disconnected from gateway
Interface NoteProperty System.String Interface=
Number NoteProperty System.String Number=473
Origin NoteProperty System.String Origin=********
Product NoteProperty System.String Product=Security Gateway/Management
Protocol NoteProperty System.String Protocol=
Rule NoteProperty System.String Rule=
Rule Name NoteProperty System.String Rule Name=
Service NoteProperty System.String Service=
Source NoteProperty System.String Source=ip*-*-*-*.ok.ok.cox.net
Source Machine Name NoteProperty System.String Source Machine Name=
Source Port NoteProperty System.String Source Port=
Source User Name NoteProperty System.String Source User Name=
Time NoteProperty System.String Time=23:59:01
Type NoteProperty System.String Type=Log
User NoteProperty System.String User=******* -
Hi,
Now that the Internet Connect application has been removed from 10.5, I'm struggling to find the log file for VPN connections.
Can anyone help?Now that the Internet Connect application has been removed from 10.5
It is not that is has been removed it has been replaced and is now configured in your network preferences.
but in answer to your question the log file is at
/var/log/ppp.log -
Hi,
Could you tell me if the FireSight log the authentication VPN access by username? If yes, could you send print of example?
I think the 5506 is new, but if works on FireSight, the LOG will work on 5506 too, correct?
TksArkid wrote:
Can you please tell me how??
I am able to do it by createing an object of the inner class in the outer class.. Yes, that's how. That would also be how you access the members of a class which wasn't an inner class, too. It's exactly the same thing. Don't assume that because there are some differences between the way inner classes and other ("external?") classes are treated, that everything must be different. Normally language designers prefer not to have special cases unless they are necessary.
Is there an alternative way..Not really. What's wrong with using the normal Java mechanism? -
I have configured Easy VPN on Cisco 1751 router, clients are logging via cisco vpn client from windows xp/2000,power MAC & Redhat Linux. i wanted to see the logging information of the users like at what time the user has logged-in & logged-out, then the public IP address from which he tried logging-in etc... how do i do that?
any one would be highly appreciated.
also is there any client for Intel MAC?Diane
I have limited experience with the 3005 concentrator. But with other 3000 concentrators that I have worked with you can configure the logging level for the various reports. It sounds like your logging level is set to not provide much detail (and minimize volitility of the log file). Perhaps you can experiment with changing the logging level (higher numbers represent more detail) and see if you get more of what you are looking for.
Having said that I am not sure that the concentrator log messages (at any level) are goig to be very helpful about why webmail did not work. And my experience is that even at greater level of detail they are not real helpful about why an individual user got disconnected.
Good luck.
HTH
Rick -
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3293 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3293 request to resume previous session.
%ASA-6-725002: Device completed SSL handshake with client outside:58.211.122.212/3293
%ASA-6-113012: AAA user authentication Successful : local database : user = admin
%ASA-6-113009: AAA retrieved default group policy (SSLCLientPolicy) for user = admin
%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.grouppolicy = SSLCLientPolicy
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.username = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile
%ASA-6-734001: DAP: User admin, Addr 58.211.122.212, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
%ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
%ASA-6-302013: Built inbound TCP connection 137616 for outside:58.211.122.212/3294 (58.211.122.212/3294) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-302013: Built inbound TCP connection 137617 for outside:58.211.122.212/3295 (58.211.122.212/3295) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3294 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3294 request to resume previous session.
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3295 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3295 request to resume previous session.
Red error what is the reason? Only appears in the window 2003 server.ciscoasa# show activation-key
Serial Number: JMX1314Z1UV
Running Activation Key: 0x9625fa6a 0x68e90200 0x38c3adac 0xaa0448d0 0x4b3815b6
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
The flash activation key is the SAME as the running key.
ciscoasa#
Sure ?it was licence question? -
Hi,
I am having very strange type of errors for our Webvpn users in the logs below:
11405 03/24/2005 22:45:35.080 SEV=4 HTTP/50 RPT=58 81.158.96.133
HTTP 404 Not Found (/_vti_inf.html)
11406 03/24/2005 22:45:35.160 SEV=4 HTTP/50 RPT=59 81.158.96.133
HTTP 404 Not Found (/_vti_bin/shtml.exe/_vti_rpc)
I do not know why its being generated.
Also, our VPN3000 has been rebooted itself without any reason. Since then I can see these logs.
need help urgently please.
Any thoughts will be welcome.
regards
KhaleefaThe log messages that you are seeing are not a result of anything the webvpn client is doing. Those specific requests are associated to Microsoft Frontpage and it is quite common for vulnerability scanners to look for this given the number of issues that have existed with Frontpage.
Steve -
Today we had a very disturbing failure. We have a fully functional VPN on our ASA 5510 adaptive security device running 8.2(5). I was setting up a new user on a Windows 7 Professional 64 bit machine using FireFox instead of Internet Explorer.
The initial connection worked fine but the download of the client failed. I clicked on the link provided to manually download the client and the Cisco VPN client appeared to download and install properly. However, when I attempted to open the VPN after the client install it again said that the automatic download of the client failed and it offered the link to download the client again, which I did with exactly the same result.
I thought that perhaps the problem was with FireFox so I opened Internet Explorer and entered the url for the VPN. After the user-id and password were entered (and validated) I received the same error about the client download failure and I selected the link to manually download just like I did the other 3 times in FireFox. This time it actually looked like it was working as I received the certificate error about AnyConnect (which I normally get) however, the login screen remained on the page after I clicked on the certificate error to continue.
The PC appeared to hang so I ended the VPN session and then attempted to reestablish the connection. This time when I entered the user-id and password it came back saying "Invalid Logon". I tried again and received the same result. I tried a different user but no joy... same result... invalid login. I went to a different PC; one that had been working fine only a few minutes earlier, and I received the same invalid login message no matter which user-id and password I entered. Something had happened that was blocking all users from connecting to the VPN.
I didn't want to believe that attempting to connect to the VPN using FireFox on a Windows 7 64 bit machine could somehow bring my Cisco VPN down but I was out of options... so I rebooted the ASA and much to my disappoinment the reboot fully restored the VPN service.
Now if this were a $75 dollar LinkSys Router instead of a several thousand dollar security device I would just shake it off, but how can it be that a failed connection attempt could bring a Cisco ASA 5510 VPN to its knees? I thought that maybe I had exceeded the license max for SSL VPN connections... I think its 2... but if that was the cause then why wouldn't the message indicate such instead of just saying "invalid login". Also, there were no other open connectionsat the time, unless all the failed downlaod attempts counted as active sessions. I also had already checked in ASDM and no active VPN sessions were listed.
Any guidence anyone can provide would be greatly appreciated.
EdHi Edward,
I went through the issue and I think that you have only 2 license for SSL and when you try connection multiple times, nomatter whether the install took place correctly or it failed but the sessions were built on the ASA and after building the session, ASA pushed those files on the client machines. I know it does give you a irrelevant message saying "Invalid Logon" however if you will run the debug web svc 255 on the ASA (using SSH/Telnet), you will see a message:
Session could not be established. Session limit of 2 reached
You are saying that you did not see any session on the ASA, so could you please get the output of the command:
debug web anyconnect 255 (or debug web svc 255) and share with us.
Thanks,
Vishnu Sharma -
I am running Bordermanager 3.7 and need to find out who and when users have accessed the network using VPN. I have scoured the interweb and can only find options information on SITE-TO-SITE VPN.
Please HelpOn 05/20/2010 08:16 PM, JebediahShapnacker wrote:
>
> I am running Bordermanager 3.7 and need to find out who and when users
> have accessed the network using VPN. I have scoured the interweb and can
> only find options information on SITE-TO-SITE VPN.
>
> Please Help
>
>
long time ago bm 3.7, if i recall you may find some info on nwadmn32,
select bm server object, tools menu,novell bordermanager, select virtual
private network and right click and select view member activity, clients
tab -
Cannot connect to Lion VPN service unless server is locally logged into?
I work remotely a lot. After I upgraded to Lion server, I am unable to connect to the VPN service remotely unless I physically go over to the server (mac pro) and log into the desktop manually.
Previously, if my Snow Leopard server restarted (due to power failure, etc) and it re-booted up to the login screen, I could still logon to the VPN remotely as the VPN service would always startup (at the login screen) without a user having to be logging in.
Now, with Lion Server (10.7.4), if the server restarts, I cannot login back to the VPN. I have to get someone to go over to the server and manually login, then I can access VPN just fine. (I do not, and will not turn automatic login on on my server due to the huge security risk.)
How do I get the Lion Server VPN service to startup before or at the logon screen even if no user is logged in?
Help is greatly appreciated!Can you SSH into the box when VPN isn't working?
If so, ssh into the box, and look at the VPN logs when you're attempting to use the VPN. The logs are (usually) in /var/log/ppp/vpnd.log
I typically look at logs like this so I can see how they're updated in real time:
tail -f /var/log/ppp/vpnd.log
If you're VPN login is failing and there is data being pushed to that log, it may help us to figure out what's going on with your system.
Ricardo -
Good Cisco VPN 3030 Log Analyzer
I need your advice on VPN Conc log analyzer. I am using Kiwi Syslog Enterprise as syslog server. Does any body know or have a recommendation for a good VPN log analyzer that analyzes VPN logs and spit out a report?
The RME Syslog Analyzer matches syslog messages with managed devices, so for a very large database (a very large number of devices in inventory), high CPU utilization can be expected for this process, even with a lower message rate. Also note that attempting to generate reports when the database insert rate is high and sustained is the worst case possible.
Maybe you are looking for
-
I can't get my Dynamic PDF Widget to work in Captivate 7
Hello all, I've been trying to get my Dynamic PDF to work in my Captivate 7 project. I have created a button on the final slide where I want the user to open the PDF, I have named it correctly to correspond with the Dynamic PDF. I have also updated e
-
How can you see all the open tabs?
When I use the drop-down Windows menu, it only shows the name of the window, not the tabs within each window. And I don't an option for "Activity Window" (like on Safari), or anything else that will show me all open tabs. How can I see them, as flipp
-
Updated payment details due to a new debit card
I've recently changed debit cards and was told by my bank that all Direct debits wold be transferred over to this new card. However a payment was never taken from my new card and could not be taken from my old card and now I can't use any of my adobe
-
Material Ledger Active - K088 Settlement doesnt use Actual Cost Comp Split
Production Order quantities are all scrap (in confirmation) thus order balance contains Consumed Materials and Activity Allocation When KO88 Settlement is run, the system uses Standard Cost Component Split to allocate the residual to Cost Components
-
Hello All, I like to write a PL SQL Procedure for the below sql statements. I like to pass all values from first sql stmnt to update columns in second sql stmnt based on dund_cc that is selecting from first sql stmnt. Please help me out how can I put