Technical Tip: Single SSL VPN user login visible as two in reports/logs
Description
This article discussed about the single SSL VPN user logins visible as two logins in reports/logs.
Solution
Example.
This article discussed about the single SSL VPN user logins visible as two logins in reports/logs.
Solution
Example.
44 user1 ssl-tunnel 4417 62971290 41629175 21342115
78 user1 ssl-web 4443 0 0 0This is expected behaviour as visible from 'tunneltype' attribute.
In the above example 'tunneltype = SSL-web' means the traffic is going through SSL-web and 'tunneltype = SSL-tunne'" means the traffic is going through SSL-tunnel.
When using only tunnel mode, the SSL-web is used for authentication.
Therefore, after the tunnel is established, there will be no traffic going through SSL-web, all traffic will go through SSL-tunnel.Thus the recorded bytes for SSL-web is 0.
Even is SSL VPN web mode is disabled, logs for both Tunnel as well as web mode will be get.
