03-29-2024 04:12 PM
Hello @Metgatz
We have implemented IP-User mapping from AnyConnect clients by parsing ASA logs. For AnyConnect session connection and disconnection, the syslog messages below are generated.
746012
Error Message %ASA-5-746012: user-identity: Add IP-User mapping IP Address - domain_name \user_name result - reason
Explanation: A new user-IP mapping has been added to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reason is VPN user. The failure reasons include the following: Maximum user limit reached and Duplicated address.
746013
Error Message %ASA-5-746013: user-identity: Delete IP-User mapping IP Address - domain_name \user_name result - reason
Explanation: A change has been made to the user-to-IP address mapping database. The status of the operation (success or failure) is indicated. The success reasons include the following: Inactive timeout, NetBIOS probing failed, PIP notification, VPN user logout, Cut-through-proxy user logout, and MAC address mismatch. The failure reason is PIP notification.
In our case this works well to update User-ID mapping in Firewalls.
Kind Regards
Pavel
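
An added example, not part of the post above and not vendor code: a minimal Python parser for the two quoted messages that replays them into an IP-to-user table. The sample log lines are constructed, and the literal result words `Succeeded`/`Failed` are an assumption about how the result field is rendered.

```python
import re

# Field layout follows the 746012/746013 templates quoted in the post:
#   <Add|Delete> IP-User mapping <ip> - <domain>\<user> <result> - <reason>
# Assumption: the result field is the literal word Succeeded or Failed.
MAPPING_RE = re.compile(
    r"%ASA-5-(?P<id>746012|746013): user-identity: "
    r"(?P<op>Add|Delete) IP-User mapping (?P<ip>\S+) - "
    r"(?P<domain>[^\\\s]+)\s*\\(?P<user>\S+) (?P<result>\S+) - (?P<reason>.+)$"
)

def parse_line(line):
    """Return the fields of a 746012/746013 message as a dict, else None."""
    m = MAPPING_RE.search(line.strip())
    if not m:
        return None
    # Message ID and verb must agree; reject anything inconsistent.
    if (m["id"], m["op"]) not in {("746012", "Add"), ("746013", "Delete")}:
        return None
    return m.groupdict()

def apply_events(lines):
    """Replay syslog lines in order into an ip -> 'domain\\user' table."""
    table = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"].lower() != "succeeded":
            continue  # failed operations (e.g. Duplicated address) change nothing
        user = ev["domain"] + "\\" + ev["user"]
        if ev["op"] == "Add":
            table[ev["ip"]] = user
        elif table.get(ev["ip"]) == user:
            # Remove only if the entry still belongs to this user, so a late
            # Delete cannot wipe a newer user's mapping on a reused pool IP.
            del table[ev["ip"]]
    return table

# Constructed sample lines (not captured from a real ASA).
SAMPLE = [
    r"asa1 : %ASA-5-746012: user-identity: Add IP-User mapping 10.20.0.11 - LOCAL\alice Succeeded - VPN user",
    r"asa1 : %ASA-5-746012: user-identity: Add IP-User mapping 10.20.0.12 - LOCAL\bob Failed - Duplicated address",
    r"asa1 : %ASA-5-746013: user-identity: Delete IP-User mapping 10.20.0.11 - LOCAL\alice Succeeded - VPN user logout",
    r"asa1 : %ASA-5-746012: user-identity: Add IP-User mapping 10.20.0.11 - LOCAL\carol Succeeded - VPN user",
    r"asa1 : %ASA-5-746013: user-identity: Delete IP-User mapping 10.20.0.11 - LOCAL\alice Succeeded - Inactive timeout",
    "asa1 : some unrelated syslog line",
]

if __name__ == "__main__":
    print(apply_events(SAMPLE))
```

The table that results is what would be pushed to the firewall as User-ID login and logout events; the ownership check on Delete matters because VPN address pools reuse IPs.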