aaa accounting on a pix - Cisco Community

1985

Views

0

Helpful

4

Replies

Here is my current configuration and the authentication works fine.

aaa-server Auth protocol tacacs+

aaa-server Auth (inside) host XXX.XXX.XXX.XXX Password timeout 5

aaa authentication ssh console Auth

aaa authentication ssh telnet Auth

Now I want to apply accounting to the configuration so that I know what is being changed on the pix (version 6.2) and who is logged on.

aaa accounting include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Auth

Accounting is working fine on my switches and routers.

Thanks,

4 Replies 4

Here is the besy url which talks about "Performing Authentication, Authorization, and Accounting of Users Through PIX Versions 5.2 and Later"

http://www.cisco.com/warp/customer/110/atp52.html

You can refer just accounting part on that url to configure accounting

Seems like you are trying to get accounting for managing the pix, like what commadns the user executes after they telnet/ssh etc.. this feature is not available as of yet on the pix.

aaa accounting include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Auth

This command will only do the accounting for the pass-thru traffic, not the activities (commands executed on the pix) done on the pix. I hope this answers your question.

Thanks,

Mynul

Thanks that answers my question. Any idea when it is going to be available?

Hi,

We do not have any dates for this, I would suggest you you contact your account team .

Thanks

Sujit