Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Identity Firewall
Monitoring the Identity Firewall
! Apply VPN-Filter with bypassing access-list check enabled
sysopt connection permit-vpn
access-list v1 extended permit ip user LOCAL\idfw any 10.0.0.0 255.255.255.0
access-list v2 extended deny ip user LOCAL\user1 any 10.0.0.0 255.255.255.0
username user1 password QkBIIYVi6IFLEsYv encrypted privilege 0
username user1 attributes
 vpn-group-policy group1
 vpn-filter value v2 >> Per user VPN-filter control
username idfw password eEm2dmjMaopcGozT encrypted
username idfw attributes
 vpn-group-policy testgroup
 vpn-filter value v1

sysopt connection permit-vpn
access-list v1 extended permit ip user LOCAL\idfw any 10.0.0.0 255.255.255.0
access-list v1 extended deny ip user LOCAL\user1 any 10.0.0.0 255.255.255.0
group-policy group1 internal
group-policy group1 attributes >> Per group VPN-filter control
 vpn-filter value v1
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
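Because sysopt connection permit-vpn bypasses the interface access lists, the vpn-filter on each user or group policy is the only ACL left on that VPN traffic, so a filter that references an undefined ACL, or a group policy with no filter at all, is worth catching before deployment. The following audit script is an added example, not Cisco code, and works on a constructed config fragment built from the per-user and per-group examples above plus two deliberately broken group policies (names "broken" and "open", and ACL "v3", are assumptions for the test):

```python
import re
from collections import defaultdict

# Constructed sample (assumption): the page's per-user and per-group VPN-filter
# examples merged, plus group-policy "broken" (references undefined ACL v3) and
# group-policy "open" (no vpn-filter at all) to exercise the checks.
SAMPLE_CONFIG = """\
sysopt connection permit-vpn
access-list v1 extended permit ip user LOCAL\\idfw any 10.0.0.0 255.255.255.0
access-list v2 extended deny ip user LOCAL\\user1 any 10.0.0.0 255.255.255.0
username user1 attributes
 vpn-group-policy group1
 vpn-filter value v2
username idfw attributes
 vpn-group-policy testgroup
 vpn-filter value v1
group-policy group1 internal
group-policy group1 attributes
 vpn-filter value v1
group-policy broken internal
group-policy broken attributes
 vpn-filter value v3
group-policy open internal
group-policy open attributes
 vpn-tunnel-protocol ssl-client
"""

def audit_vpn_filters(config: str) -> dict:
    """Parse an ASA config fragment and report VPN-filter coverage.

    bypass: sysopt connection permit-vpn is present (interface ACLs skipped)
    filters: owner ("username:x" / "group-policy:y") -> vpn-filter ACL name
    missing: owners whose vpn-filter names an ACL that is never defined
    unfiltered: group policies with an attributes block but no vpn-filter while
        bypass is on. Only group policies are listed, since a username block
        without vpn-filter inherits the filter of its group policy.
    """
    acls, filters, owners, owner, bypass = defaultdict(list), {}, [], None, False
    for line in config.splitlines():
        if line.strip() == "sysopt connection permit-vpn":
            bypass = True
        elif (m := re.match(r"access-list (\S+) extended (.+)", line)):
            acls[m.group(1)].append(m.group(2))
        elif (m := re.match(r"(username|group-policy) (\S+) attributes", line)):
            owner = f"{m.group(1)}:{m.group(2)}"
            owners.append(owner)
        elif owner and (m := re.match(r"\s+vpn-filter value (\S+)", line)):
            filters[owner] = m.group(1)
    groups = [o for o in owners if o.startswith("group-policy:")]
    return {
        "bypass": bypass,
        "filters": filters,
        "missing": sorted(o for o, a in filters.items() if a not in acls),
        "unfiltered": [o for o in groups if o not in filters] if bypass else [],
    }
```

Run `audit_vpn_filters(SAMPLE_CONFIG)` against the sample: "missing" reports group-policy:broken and "unfiltered" reports group-policy:open, while the page's own group1 passes.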
Collecting User Statistics
To activate the collection of user statistics by the Modular Policy Framework and match lookup actions
for the Identity Firewall, enter the following command:

Command:
user-statistics [accounting | scanning]

Example:
hostname(config)# class-map c-identity-example-1
hostname(config-cmap)# match access-list identity-example-1
hostname(config-cmap)# exit
hostname(config)# policy-map p-identity-example-1
hostname(config-pmap)# class c-identity-example-1
hostname(config-pmap)# user-statistics accounting
hostname(config-pmap)# exit
hostname(config)# service-policy p-identity-example-1 interface outside

Purpose:
Activates the collection of user statistics by the Modular Policy Framework and matches lookup actions for the Identity Firewall.
The accounting keyword specifies that the ASA collect the sent packet count, sent drop count, and received packet count.
The scanning keyword specifies that the ASA collect only the sent drop count.
When you configure a policy map to collect user statistics, the ASA collects detailed statistics for selected users. When you specify the user-statistics command without the accounting or scanning keywords, the ASA collects both accounting and scanning statistics.

Monitoring the Identity Firewall
This section contains the following topics:
• Monitoring AD Agents, page 1-22
• Monitoring Groups, page 1-22
• Monitoring Memory Usage for the Identity Firewall, page 1-22
• Monitoring Users for the Identity Firewall, page 1-23