Firewall Logging - Username Field??



sgraham978 -> Firewall Logging - Username Field?? (16.Jun.2008 9:58:40 AM)

I'm trying to configure ISA 2006 firewall logging to log the actual user's username instead of the IP address when someone connects in via VPN; however, I have not yet been able to do this.

Before the upgrade to ISA 2006 we were using ISA 2004, which was working fine and collecting the username instead of the IP address, but now with 2006 this is not the case.

I have checked that all the firewall policies are set to authenticated users instead of 'all users' but I'm still having the same problem. We are not using the Microsoft firewall client, just using IE connection settings to specify the proxy address. This is how we were doing it with 2004.

Is there any trick to getting 2006 to log username details instead of IP address?




paulo.oliveira -> RE: Firewall Logging - Username Field?? (16.Jun.2008 11:24:37 AM)

Hi,

there's no trick about it. You don't need to set the Users Set to allow only authenticated users, cause once the user is connecting to VPN, he's passing his credentials and ISA is already authenticating him.
What kind of authentication method are you using? PPTP or L2TP/IPSec (PSK or Cert)?

Regards,
Paulo Oliveira.




sgraham978 -> RE: Firewall Logging - Username Field?? (16.Jun.2008 8:52:34 PM)

We're using PPTP.




sgraham978 -> RE: Firewall Logging - Username Field?? (19.Jun.2008 8:41:37 PM)

I am still unable to get this working properly.  Is there anything else that I am missing???




sgraham978 -> RE: Firewall Logging - Username Field?? (3.Jul.2008 10:55:20 PM)

Still having trouble getting this working.  When I look at the log files we are getting usernames listed for 'WAN Miniport (PPTP)' Application Protocol but not 'PPTP' Application Protocol.  Is there something I've missed enabling for this to work?




sgraham978 -> RE: Firewall Logging - Username Field?? (10.Jul.2008 2:49:47 AM)

Just a bit of an update....this is just a snapshot of the info we've got from the logging....if you look at the 'ClientUserName' column and then compare it to the 'ApplicationProtocol' column you can see what I mean about being able to get the username logged for 'WAN Miniport (PPTP)' but not for 'PPTP'.
 
protocol  SourceIP  SourcePort  DestinationIP  DestinationPort  OriginalClientIP  Action                ApplicationProtocol  ClientUserName  ClientAgent
TCP       x.x.x.x   1152        x.x.x.x        1723             x.x.x.x           Establish             PPTP                 -               -
GRE       x.x.x.x   0           x.x.x.x        0                x.x.x.x           Establish             PPTP                 -               -
-         x.x.x.x   0           x.x.x.x        0                x.x.x.x           SuccessfulConnection  WAN Miniport (PPTP)  username        VPN remote access
TCP       x.x.x.x   1152        x.x.x.x        1723             x.x.x.x           Intermediate          PPTP                 -               -
GRE       x.x.x.x   0           x.x.x.x        0                x.x.x.x           Intermediate          PPTP                 -               -
TCP       x.x.x.x   1152        x.x.x.x        1723             x.x.x.x           Intermediate          PPTP                 -               -
GRE       x.x.x.x   0           x.x.x.x        0                x.x.x.x           Intermediate          PPTP                 -               -
TCP       x.x.x.x   1152        x.x.x.x        1723             x.x.x.x           Terminate             PPTP                 -               -
-         x.x.x.x   0           x.x.x.x        0                x.x.x.x           Disconnect            WAN Miniport (PPTP)  username        VPN remote access
GRE       x.x.x.x   0           x.x.x.x        0                x.x.x.x           Terminate             PPTP                 -               -
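
An added example, not part of the original thread and not ISA Server code: when an exported log is reviewed offline, the 'PPTP' rows can be attributed to a user by back-filling the ClientUserName from the 'WAN Miniport (PPTP)' rows across the same source IP's session. It assumes a tab-delimited export with the columns shown in the snapshot above; the addresses, the username `alice` and the function names are constructed for illustration.

```python
import csv
import io

COLUMNS = ["protocol", "SourceIP", "SourcePort", "DestinationIP", "DestinationPort",
           "OriginalClientIP", "Action", "ApplicationProtocol", "ClientUserName", "ClientAgent"]

def sample_log():
    """Constructed tab-delimited rows, ordered like the post's snapshot, two clients interleaved."""
    a, b, srv, vpn = "192.0.2.10", "192.0.2.20", "198.51.100.1", "WAN Miniport (PPTP)"
    rows = [("TCP", a, "1152", "1723", "Establish", "PPTP", "-", "-"),
            ("GRE", a, "0", "0", "Establish", "PPTP", "-", "-"),
            ("TCP", b, "2040", "1723", "Establish", "PPTP", "-", "-"),
            ("-", a, "0", "0", "SuccessfulConnection", vpn, "alice", "VPN remote access"),
            ("TCP", a, "1152", "1723", "Intermediate", "PPTP", "-", "-"),
            ("TCP", b, "2040", "1723", "Terminate", "PPTP", "-", "-"),  # b never authenticated
            ("TCP", a, "1152", "1723", "Terminate", "PPTP", "-", "-"),
            ("-", a, "0", "0", "Disconnect", vpn, "alice", "VPN remote access"),
            ("GRE", a, "0", "0", "Terminate", "PPTP", "-", "-")]
    return "\n".join("\t".join((p, s, sp, srv, dp, s, act, app, u, ag))
                     for p, s, sp, dp, act, app, u, ag in rows)

def attribute_users(text):
    """Parse the rows and add ResolvedUser to each, back-filled per SourceIP session."""
    rows = list(csv.DictReader(io.StringIO(text), fieldnames=COLUMNS, delimiter="\t"))
    sessions = {}  # SourceIP -> rows so far, username seen, protocols opened/terminated

    def close(ip):
        s = sessions.pop(ip)
        for r in s["rows"]:
            r["ResolvedUser"] = s["user"]

    for r in rows:
        ip, proto, action = r["SourceIP"], r["protocol"], r["Action"]
        pptp = r["ApplicationProtocol"] == "PPTP"
        if pptp and proto == "TCP" and action == "Establish" and ip in sessions:
            close(ip)  # a new control connection means the previous session is over
        s = sessions.setdefault(ip, {"rows": [], "user": "-", "seen": set(), "done": set()})
        s["rows"].append(r)
        if r["ApplicationProtocol"].startswith("WAN Miniport") and r["ClientUserName"] != "-":
            s["user"] = r["ClientUserName"]  # the only rows that carry the username
        if pptp:
            s["seen"].add(proto)
            if action == "Terminate":
                s["done"].add(proto)
            if s["done"] == s["seen"]:
                close(ip)  # every opened TCP/GRE flow has terminated
    for ip in list(sessions):
        close(ip)  # sessions still open at end of log
    return rows
```

Rows from a source IP that never produced a 'WAN Miniport (PPTP)' entry keep `-` as ResolvedUser, which separates connection attempts that did not complete authentication from attributed sessions.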



