logging of vpn traffic

Hi all
We use aour ASAs (5520 w/ 7.2.1 and 5540 w/ 7.0.5) as a firewall
and as vpn concentrator for LAN2LAN and mobile VPN. The access
from these VPN networks to any other network is controlled by
We have the need to know who (source ip) is accessing which
target and service.
By using a access-list similat to this
extended permit ip any object-group vpn_networks log not int 5
extended permit aobject-group vpn_networks any log not int 5
axtended permit ip any any log disabled
and using this access-list with the access-group for outgoing
traffic we would be able to see some traffic. We will not be able
to identify the traffic into the Internet (since it's NATed -->
source ip has been changed) and will also not see blocked
traffic. We have to deny the traffic in the access-lists of the
group-policys since we make use of downloadable ACLs from the
radius server.
Any ideas how to increase the logging?
The logs are sent to our syslog server.
Reply to
Jörg Schütter
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.