[c-nsp] Cisco ASA - Configuring Accounting for Network Access

Antonio Soares amsoares at netcabo.pt
Mon Oct 31 13:55:31 EDT 2011


Joseph, do we need Identity Firewall, as Ryan mentioned, in order to get this
syslog message?

Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net



-----Original Message-----
From: Joseph Karpenko [mailto:karpenko at cisco.com] 
Sent: Monday, October 31, 2011 17:36
To: Antonio Soares
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco ASA - Configuring Accounting for Network Access

what about the following syslog mesg, limited URL/URI visibility,
coupled with the 5-tuple syslog mesg(s)?

304001
------
Error Message        %ASA-5-304001: user@source_address [(idfw_user)] Accessed URL dest_address: url.
Explanation          The specified host tried to access the specified URL.
Recommended Action   None required.

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4770864


regards,

-- 

/karpenko

On 2011.10.31-16:38:02 -0000, Antonio Soares <amsoares at netcabo.pt> wrote:
> Date: Mon, 31 Oct 2011 16:38:02 -0000
> From: Antonio Soares <amsoares at netcabo.pt>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
> 
> Hello group,
> 
> I have a customer that was using a Web Proxy to monitor user
> access to the internet. Now the customer is asking me if the ASA
> can help him monitor the users' access to the internet because the
> proxy is not working. He wants to know which users are accessing
> which sites. The only feature I was able to find that could help
> the client is Network Access Accounting:
> 
> <http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_fwaaa.html#wp1151104>
> 
> I made a test in my lab and basically the ASA sends information
> about the source-ip:source-port->destination-ip:destination-port
> to the aaa server.  This should be enough but it is not very
> practical. The customer wants some nice real time graphics showing
> him what users are doing. Do we have any solution without
> replacing the ASA with something else? Is it just me, or are the
> reporting capabilities of the ASA very basic?
> 
> 
> Thanks.
> 
> Regards,
> 
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
> http://www.ccie18473.net
> 
> [   --------------- End of Included Message ---------------   ]
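
As an added example (not code from the thread or from Cisco), the 304001 messages suggested above can be turned into a per-user list of visited sites with a small parser. The field layout is the one in the quoted message description; treating `user@` and `(idfw_user)` as optional, the function names, and the sample log lines (constructed) are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Layout from the message description quoted in the thread:
#   %ASA-5-304001: user@source_address [(idfw_user)] Accessed URL dest_address: url
# Assumption: "user@" and "(idfw_user)" may each be absent; dest is an IPv4 address.
PATTERN = re.compile(
    r"%ASA-5-304001:\s+"
    r"(?:(?P<user>[^\s@]+)@)?(?P<src>\S+)"
    r"(?:\s+\((?P<idfw_user>[^)]*)\))?"
    r"\s+Accessed URL\s+(?P<dst>[^\s:]+):\s*(?P<url>\S+)"
)

def parse_304001(line):
    """Return a dict of fields for a 304001 line, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Best available identity: identity-firewall user, then user, then source IP.
    rec["who"] = rec["idfw_user"] or rec["user"] or rec["src"]
    # If the URL carries no host (bare path), fall back to the destination address.
    rec["site"] = urlsplit(rec["url"]).hostname or rec["dst"]
    return rec

def sites_by_user(lines):
    """Count accessed sites per user across an iterable of syslog lines."""
    report = {}
    for line in lines:
        rec = parse_304001(line)
        if rec:
            report.setdefault(rec["who"], Counter())[rec["site"]] += 1
    return report

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    "Oct 31 2011 17:40:01 asa1 : %ASA-5-304001: 192.0.2.10 Accessed URL "
    "198.51.100.5:http://www.example.com/index.html",
    "Oct 31 2011 17:40:03 asa1 : %ASA-5-304001: alice@192.0.2.11 (LAB\\alice) "
    "Accessed URL 198.51.100.5:http://www.example.com/news",
    "Oct 31 2011 17:40:07 asa1 : %ASA-5-304001: alice@192.0.2.11 (LAB\\alice) "
    "Accessed URL 198.51.100.9:/images/logo.png",
    "Oct 31 2011 17:40:09 asa1 : %ASA-6-302013: Built outbound TCP connection",
]

if __name__ == "__main__":
    for who, sites in sites_by_user(SAMPLE).items():
        print(who, dict(sites))
```

When no user field is present, the report keys on the source address, so attributing those entries to a person still needs a separate IP-to-user mapping.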