Lab Minutes Forum
Technical Discussion => Security => Topic started by: milin1607 on March 22, 2016, 03:29:11 AM
-
Dear Team,
I would like to do accounting for Anyconnect VPN users and also would like to monitor the activities performed by the vpn user ?
Is it possible ? If yes then please explain in brief.
Thanks,
Milin
-
If you are authenticating VPN user against RADIUS server, you should automatically get accounting (eg. when user logged on/off) as part of RADIUS log.
For monitoring, what are you after on user activities? Destination IP, port, protocol?
-
Hi Team,
My customer required :-
AnyConnect VPN user activity details such as after connected AnyConnect VPN user to the network, what resources he has accessed (RDP or any other activity), how long he has connected to the network and so on.
Can we achieve the same with using Cisco ISE integration with ASA ?
Thanks,
Milin M. Mistry
-
RADIUS accounting only give you session start-stop. If you need traffic log, the most basic form is sending ASA connection log to a syslog server. If you also need user and application info, you may want to look into Firepower. Firepower can integrate with ISE and automatically correlate username to traffic.