We have an ASA running 7.0(6)8 and use CSACS v4.1
For remote access, we have VPN groups set-up on the ASA. Our remote users connect to our network, are authenticated via the CSACS server, then are assigned an IP address from the relevant address pool on the ASA.
At the moment, I can use "show uauth" on the ASA to determine which user has been assigned a particular IP address, as long as they are currently connected.
But, what I'd like to be able to do is determine which user had an IP address at a particular time in the past.
E.g. if our device logs show activity from a particular IP address, I'd like to be able to trace back to find out which user had been assigned that IP address at the time.
Can anyone suggest how I might achieve this? I'm guessing that I need to set-up some sort of accounting between the ASA and the CSACS server but I'm not really sure what exactly is required.
Any help/advice would be appreciated. Thanks.