ACS Proxy Distribution Table - Logs ?

Unanswered Question


I have setup a proxy distribution table in my Cisco ACS v4.2 (patch 6).

I have two type of users: Suppliers (external) and TI user (internal). They connect to our Internal Network by a VPN SSL connection (AEP Netilla box).

This box have 2 realms. One for suppliers, another for TI users.

The aim is that:

* For the suppliers connect trought the Netilla box which forwards the authentication (RADIUS Authentication) to the ACS which forwards the request to an RSA server.

* For TI User, they connect trought the Netilla Box which forwards the request (RADIUS Authentication) to the ACS which check the Active Directory.

=> It's working perfectly.

The problem is that I have no logs from the ACS box about the suppliers which are forwarded to the RSA server. If possible, I want to know which users try to connect, if they are permit (or not) and eventually how many times they are connected.

The problem is the Netilla box doesn't have Radius Accouting.

I was hoping that the ACS logs these kinds of connections. (It's working for users, TI users, authenticated by the Active Directory).

Is-it possible that the ACS forwards only the request without taking attention of what it is forwared (except remove the Character String).

Is there another way to do what I'm talking about ?

See my VISIO attachement.

Thanks in advance for your attention,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smahbub Wed, 10/29/2008 - 12:43

The starting point for enabling and configuring service logs is the Service Control page, which you access by choosing System Configuration > Service Control. The starting point for enabling and configuring all other logs and loggers is the Logging Configuration page, which you access by choosing System Configuration > Logging. The Logging Configuration page also displays which ACS logs are currently enabled.

Patrick Knee Mon, 05/17/2010 - 11:14

I really hate draggin up old posts, but I have the same exact question.  In my scenario, I am proxying requests for eduroam (basically any user name that ends in .uk, .com, .ca or any other country suffix) off to our national server(s).  I would like to know if/when these requests get proxied over.  smahbub's suggestion only directs where to find the settings for loggin.  I have these enabled, but cannot seem to locate any setting that applies to the proxy distribution table.  If anyone has any idea, it would be greatly appreciated.



This Discussion