Re: RE: Cisco ACS 4.2 and ASA

I rebooted that ASA, re-added the accounting commands and the tunnel-group
and voila. Seems to be working. Thanks everyone for their input

CCIE # 23962 (SP)

On Tue, May 18, 2010 at 3:33 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

> So the accounting-server-group under the tunnel group did not give you
> what you are looking for. If not then switch to RADIUS. It should
> definitely give you accounting information for when the users connect and
> disconnect from the VPN.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> Technical Instructor - IPexpert, Inc.
>
> Mailto: tscott_at_ipexpert.com
>
> Telephone: +1.810.326.1444, ext. 208
>
> Live Assistance, Please visit: www.ipexpert.com/chat
>
>
>
>
>
> *From:* Shaughn Smith [mailto:maniac.smg_at_gmail.com]
> *Sent:* Tuesday, May 18, 2010 9:27 AM
> *To:* Tyson Scott
> *Cc:* Cisco certification; Ryan West
> *Subject:* Re: RE: Cisco ACS 4.2 and ASA
>
>
>
> Thanks I have enabled all of those commands before but no difference,I am
> going to reload and test.
>
> BTW this isn't for work purposes, I am testing in a lab environment to
> become more familiar with ACS, but I will remember your comments.
>
> Thanks
>
> CCIE # 23962 (SP)
>
> On May 18, 2010 3:20 PM, "Tyson Scott" <tscott_at_ipexpert.com> wrote:
>
> Shaughn,
>
>
>
> Maybe command accounting is a newer feature but it is definitely available
> in 8.2. (But it should be aaa accounting command privilege 15 TACACS+).
>
>
>
> It is not what you are looking for. That is for local command accounting.
>
>
>
> What do you want? Do you want accounting for what the users are accessing
> when they VPN or just when they authenticate? What is the goal?
>
>
>
> You may add the following
>
>
>
> tunnel-group <your tunnel group> general-attributes
>
> accounting-server-group <SERVER-GROUP>
>
>
>
> You may need to use RADIUS for this. I have not tested it before with
> TACACS+. I am not sure it will gather everything you want but it should be
> getting closer.
>
>
>
> Also for future reference. If this is for work, which it seems to be as
> you are not referencing tasks related to a practice lab then this is
> considered off topic. It then is courtesy to add in the subject line OT:
> <subject> to allow others to recognize what it is. This is a long standing
> rule for group study.
>
> Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical
> Instructor - IPexpert, ...
>
> *From:* Shaughn Smith [mailto:maniac.smg_at_gmail.com]
> *Sent:* Tuesday, May 18, 2010 9:08 AM
> *To:* Tyson Scott
> *Cc:* Ryan West; Cisco certification
>
> Subject: Re: Cisco ACS 4.2 and ASA
>
> Commands is an invalid entry, however i entered privilege 1 and 15, it
> was already in the range...

Blogs and organic groups at http://www.ccie.net
Received on Tue May 18 2010 - 15:56:15 ART