Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AAA Accounting

Status
Not open for further replies.
don1907

don1907

IS-IT--Management
Dec 14, 2006
33
0
0
US
I wish to setup accounting on our pix 515e firewall. We are running 6.3(3). What is the the proper aaa accounting command to get full logging to show in the ISA logs. Listed below is the aaa section on the PIX

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server EPA-RADIUS protocol radius
aaa-server EPA-RADIUS (inside) host xxx.xxx.xx.xx p1xrad1u5 timeout 10
aaa authentication ssh console LOCAL
 
Sort by date Sort by votes
logging on
logging timestamp
logging standby
logging console critical
logging monitor debugging
logging buffered debugging
logging trap informational
logging history informational
logging queue 3000
logging host inside x.x.x.x/1468
 
Upvote 0 Downvote
I have added the following lines, and the sections on the pix looks like

logging on
logging timestamp
logging standby
logging console critical
logging monitor debugging
logging buffered debugging
logging trap informational
logging history informational
logging queue 3000

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server EPA-RADIUS protocol radius
aaa-server EPA-RADIUS (inside) host 192.168.30.xx p1xrad1u5 timeout 10
aaa authentication ssh console LOCAL

but the ias log file shows only the connect time, no other infomation, such as IP, disconnect or time spent thru the pix vpn client
 
Upvote 0 Downvote
I see that you have aaa authentication configured, but not aaa accounting. Set that up and you should be on your way.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
What is the proper command line to use for aaa accounting? Ia am fairly new to PIX
 
Upvote 0 Downvote
I want for you to take a look at the following link. Try to get it set up for yourself and if you have problems post back and we'll help you further. Nobody learns from other people doing ;-)


I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
All our users are using VPN from the outside to resources on the LAN. Does this command make any sense.

aaa accounting include any inbound 0 0 0 0 TACACS+
 
Upvote 0 Downvote
yes. So any inbound connections from any remote host will be logged to the TACACS+ server

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I added aaa accounting include any inbound 0 0 0 0 TACACS+ to the pix and then recieved a message
No authentication servers found!
 
Upvote 0 Downvote
IAS does radius and not TACACS. Additionally IAS doesn't support accounting only authentication. Sounds like you need ACS.
 
Upvote 0 Downvote
Unclerico please show me where it supports command accounting. Yes, it has accounting showing logoff and log on, but heck the IAS logs show that.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rabdallah
  • Locked
  • Question
Netscreen 208 WebAuth radius accounting
Replies
0
Views
12
rabdallah
rabdallah
kunz12
  • Locked
  • Question
AAA Command Accounting on Cisco ASA 5520
Replies
1
Views
12
Supergrrover
Supergrrover
brianinms
  • Locked
  • Question
AAA VPN configuration
Replies
0
Views
14
brianinms
brianinms
toip2007
  • Locked
  • Question
Radius accounting
Replies
0
Views
9
toip2007
toip2007
BigFinn
  • Locked
  • Question
IAS AAA server without AD?
Replies
1
Views
342
brianinms
brianinms

Part and Inventory Search

Sponsor

Back
Top