Cisco's ACS server can help you with this. Integrate the ACS server to allow authentication, authorization, and accounting via your Microsoft Active Directory, for instance. Every time someone authenticates to the VPN, or to any Cisco device, it authenticates them through ACS to see if they are 1) a domain user and 2) are authorized for the level of access they are trying to gain.
IOS Router Configuration

In addition to your preset configuration, these commands are required on an IOS router or switch in order to implement command authorization through an ACS server:

    aaa new-model
    aaa authorization config-commands
    aaa authorization commands 0 default group tacacs+ local
    aaa authorization commands 1 default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    tacacs-server host 10.1.1.1
    tacacs-server key cisco123

ASA/PIX/FWSM Configuration

In addition to your preset configuration, these commands are required on ASA/PIX/FWSM in order to implement command authorization through an ACS server:

    aaa-server authserver protocol tacacs+
    aaa-server authserver host 10.1.1.1
    aaa authorization command authserver

From: http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

HTH,
Brian Valentine

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ZEESHAN SANAULLAH
Sent: Friday, June 06, 2008 12:57 AM
To: [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED]
Subject: [OSL | CCIE_RS] ASA VPN Logging

Hello !!

Is it possible to log Remote Access VPN events, such as who accessed what through the VPN and at what time? If any, please tell me the solution. Thanks.
