cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
348
Views
0
Helpful
3
Replies

Pix 515 radius issue

metzie_2022
Level 1
Level 1

I have a pix 515 running 6.3(4).

We already have VPN running for a while in a test situation. I'm currently testing different radius software to see wich complies complies to our needs. The problem i experience is that when the pix successfully autenticates a user, it won't send a "session start" or "session stop" to the radius software. This causes some problems, sine i cannot track how long a user has been connected.

I already looked into the aaa accounting settings, but i can only enable accounting for all ip traffic, or http, ftp and telnet. When i enable accounting for my 3 VPN subnets, our pix creates new accouting sessions for every new tcp/ip session that is set up. In this case a user connecting via VPN causes a lot of individual sessions (because of wins, dns, netbios, etc). So this is not a solution i can use.

Could it be i must upgrade to a higher OS version to fix this problem? I read 6.3(5) is out already. And 7.01 as well. I'm not sure though if i'm permitted to upgrade to PIX os 7 in my current license.

3 Replies 3

metzie_2022
Level 1
Level 1

Does anyone know something abbout this issue?

metzie_2022
Level 1
Level 1

I asked our PIX reseller to open a tocket with cisco tech support about this issue. They told me that the feature i want to use (aaa sessions) is not implementen in PIX os 6.x.x. It is implemented partially in PIX os 7. So i'm going to upgrade. I'll report my findings when i'm done.

metzie_2022
Level 1
Level 1

I finaly have it working. I have upgraded to PIX OS 7.04. This gives you a new command that you can apply to the Tunnel-group general settings.

It's called accounting-server-group

When you apply this to the tunnel-group it will send all tunnel related accountings statics to the specified aaa-server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: