Guys,
when someone connects to a PIXie with cisco client, you get a log entry like this:
Jun 6 09:19:44 pixie %PIX-2-109011: Authen Session Start: user 'tony', sid
9At least, you do on mine (a 515e running 6.3(4) logging to a Fedora 6 box).
Though it's theoretically possible for a UDP packet to 'go west', I have never seen a situation where a PIX-2-109011 entry goes missing CONSISTENTLY for a PARTICULAR USER but not for any other user. However, that's what's being reported to me. 'tony' always gets a log entry, but 'fred' never does. Also, 'fred' is claiming that he not only connects okay, but has full access across the VPN, and have done for months!!! There is absolutely no evidence to support this claim on the inside network, like read e-mails, file access times changing, etc.
Can anyone think of a plausible explanation for the above?
Thanks for your time
Mup.