CISCO 1800 VPN Activity Logging

[vbahuse]

Hello all,

I've recently added a Cisco 1800 series router to my network in order to provide VPN access from the outside through the use of the Cisco VPN Client software. I don't have many users which access the site but have been asked if I can keep a log of who logged in, when, and for how long. Is this possible, and if so what configuration change(s) do I have to make.

By the way, I used the Cisco Security Device Manager to configure the router for VPN and use local authentication (i.e. each user has an account right in the router to gain access via VPN).

Thanks,

vbahuse

 

[burtsbees]

The best way is for users to authenticate to a TACACS+ and ACS server via AAA, but that is VERY costly...

Depending on the image, and if it has crypto you can likely do this, I would use ip accounting and maybe ip route-cache

http://www.ciscopress.com/content/images/9781587051982/samplechapter/1587051982_CH06.pdf

Burt

 

[vbahuse]

Burt,

Thanks for the link. I've had a quick review of the pdf but have noticed that none of the IP accounting methods discussed can identify the user by login account. The table on the last page indicates that only IP address or MAC address can be used depending on the IP accounting method.

I guess this is far more complicated than I thought. I had assumed that there was a CLI command to view relatively recent activity (i.e. something like show cypto session but with a history of logins as opposed to current ones.)

Anyway thanks for the reply,

vbahuse

 

[brianinms]

The cheapest and fastest way is to install IAS on your active directory server. You then authenticate the vpn users to IAS and you can configure IAS to log.