[c-nsp] Cisco ASA - Configuring Accounting for Network Access
Antonio Soares
amsoares at netcabo.pt
Mon Oct 31 14:11:35 EDT 2011
Now I have the message, I forgot to inspect http:
ASA1(config)# %ASA-5-304001: 10.0.0.100 Accessed URL
20.0.0.100:http://mysite.com/
I think this will be enough to the client at this stage.
Thank you both for pointing me in the right direction.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
-----Original Message-----
From: Antonio Soares [mailto:amsoares at netcabo.pt]
Sent: segunda-feira, 31 de Outubro de 2011 17:56
To: 'Joseph Karpenko'
Cc: 'cisco-nsp at puck.nether.net'
Subject: RE: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
Joseph, do we need Identity Firewall as Ryan mentioned in order to get this
syslog message ?
Thanks.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
-----Original Message-----
From: Joseph Karpenko [mailto:karpenko at cisco.com]
Sent: segunda-feira, 31 de Outubro de 2011 17:36
To: Antonio Soares
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
what about the following syslog mesg, limited URL/URI visibility,
coupled with the 5-tuple syslog mesg(s)?
304001
------
Error Message %ASA-5-304001: user at source_address [(idfw_user)]
Accessed URL dest_address: url.
Explanation The specified host tried to access the specified URL.
Recommended Action None required.
http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.ht
ml#wp4770864
regards,
--
/karpenko
On 2011.10.31-16:38:02 -0000, Antonio Soares <amsoares at netcabo.pt> wrote:
> Date: Mon, 31 Oct 2011 16:38:02 -0000
> From: Antonio Soares <amsoares at netcabo.pt>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco ASA - Configuring Accounting for Network Access
> Authentication-Results: rcdn-inbound-b.cisco.com; dkim=neutral (message
not
> signed) header.i=none
> X-OriginalArrivalTime: 31 Oct 2011 16:44:09.0597 (UTC)
> FILETIME=[4FEDEAD0:01CC97EC]
>
> Hello group,
>
> I have a customer that was using a Web Proxy to monitor user
> access to the internet. Now the customer is asking me if the ASA
> can help him monitor the users access to the internet because the
> proxy is not working. He wants to know which users are accessing
> which sites. The only feature I was able to find that could help
> the client is Network Access Accounting:
>
>
<http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_gui
de/access_fwaaa.html#wp1151104>
>
> I made a test in my lab and basically the ASA sends information
> about the source-ip:source-port->destination-ip:destination-port
> to the aaa server. This should be enough but it is not very
> practical. The customer wants some nice real time graphics showing
> him what users are doing. Do we have any solution without
> replacing the ASA with something else ? Is this just me or the
> reporting capabilities of the ASA are very basic ?
>
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
> http://www.ccie18473.net
>
> [ --------------- End of Included Message --------------- ]
More information about the cisco-nsp
mailing list