RE: Cisco ACS 4.2 and ASA from Tyson Scott on 2010-05-18 (Ccielab archives 05/2010)

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Tue, 18 May 2010 09:05:13 -0400

You are not going to get accounting for authentication for VPN. You will
get passed and failed attempts. Accounting is not intended for what you are
trying to do. What is your goal? I am still a little unclear based on your
first email and the following statements.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Shaughn Smith
Sent: Tuesday, May 18, 2010 8:39 AM
To: Ryan West
Cc: Cisco certification
Subject: Re: Cisco ACS 4.2 and ASA

Just to add, i want to view the tacacs+ Auth logs for my remote VPN users,
not for local Admin access via SSH,console,Telnet.

CCIE # 23962 (SP)

On Tue, May 18, 2010 at 2:00 PM, Shaughn Smith <maniac.smg_at_gmail.com> wrote:

> AAa configuration on the ASA
>
> xxxxxxx# sh running-config | include aaa
> aaa-server TACACS+ protocol tacacs+
> aaa-server TACACS+ (inside) host xxx.xxx.xxx.xxx
> aaa authentication telnet console LOCAL
> aaa authentication http console LOCAL
> aaa authentication serial console LOCAL
> aaa authentication ssh console LOCAL
> aaa accounting enable console TACACS+
>
>
> On Tue, May 18, 2010 at 1:19 PM, Shaughn Smith
<maniac.smg_at_gmail.com>wrote:
>
>> Should have clarified, I can see entries in the passed and failed logs.
>>
>> AAA config coming up
>>
>> On Tue, May 18, 2010 at 1:18 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>>> Can you post your AAA config? Do you see entries in the passed and
>>> failed auth logs?
>>>
>>> Sent from handheld.
>>>
>>> On May 18, 2010, at 7:01 AM, "Shaughn Smith" <maniac.smg_at_gmail.com>
>>> wrote:
>>>
>>> > Hi All
>>> >
>>> > I have a very strange problem. I am running Cisco ASC 4.2 as well as
>>> > a 5540
>>> > ASA, I have setup TACACS+ auth to the ACS which is working 100%.
>>> > However
>>> > when i try and view the reports for Tacacs+ accounting the reports are
>>> > blank. Same goes for Tacacs+ Administration.
>>> >
>>> > I have seen there were some bugs with ACS 4.1 but havent been able
>>> > to find
>>> > any issues relating to 4.2, anyone here seen this before ?
>>> >
>>> > Thanks
>>> >
>>> > CCIE # 23962 (SP)
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> >
Received on Tue May 18 2010 - 09:05:13 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART