Lab Minutes Forum

Technical Discussion => Security => Topic started by: milin1607 on March 22, 2016, 03:29:11 AM

Title: Anyconnect VPN Accounting plus Activity
Post by: milin1607 on March 22, 2016, 03:29:11 AM

Dear Team,
 
I would like to do accounting for Anyconnect VPN users and also would like to monitor the activities performed by the vpn user ?

Is it possible ? If yes then please explain in brief.



Thanks,
Milin

Title: Re: Anyconnect VPN Accounting plus Activity
Post by: MC on March 23, 2016, 05:12:01 PM

If you are authenticating VPN user against RADIUS server, you should automatically get accounting (eg. when user logged on/off) as part of RADIUS log.
For monitoring, what are you after on user activities? Destination IP, port, protocol?

Title: Re: Anyconnect VPN Accounting plus Activity
Post by: milin1607 on April 27, 2016, 11:30:39 PM

Hi Team,

My customer required :-

AnyConnect VPN user activity details such as after connected AnyConnect VPN user to the network, what resources he has accessed (RDP or any other activity), how long he has connected to the network and so on.

Can we achieve the same with using Cisco ISE integration with ASA ?



Thanks,
Milin M. Mistry

Title: Re: Anyconnect VPN Accounting plus Activity
Post by: MC on April 28, 2016, 09:25:46 PM

RADIUS accounting only give you session start-stop. If you need traffic log, the most basic form is sending ASA connection log to a syslog server. If you also need user and application info, you may want to look into Firepower. Firepower can integrate with ISE and automatically correlate username to traffic.