our customer has a vpn tunnel site-to-site with another company . The vpn is established between two routers and its working fine . The users in the customer site can login to a web server in the remote peer site using username & password through this tunnel . Our customer need to log the time that the users login to this web server.
Is the ACS do that or not ?? and how ??
if the ACS cannot do that , is there any other method can be used to log the users login??
ACS is a Radius and Tacacs server. So the question would be, Can/does your web server support Radius/tacacs protocol ? If yes, then you can add the web server as a client on the ACS server, and configure your web server for Radius/tacacs accounting and send the accounting logs to ACS server.
I doubt this to be the case.
AFAIK, the web servers also have some logging feature/functionality. Check with the web server documentation, there must be some option to log the user logins/activity on the web server.
i want to tell you something that the web server isnot under our control .it is controlled by the peer company.So we need to log the users login to this server (using any method) without changing anything in the web server settings.
i mean we need to do that from our side.
Also if the ACS cannot do that , is there any other S/W do that?
The security appliance can send accounting information to a RADIUS or TACACS+ server about any TCP or UDP traffic that passes through the security appliance. If that traffic is also authenticated, then the AAA server can maintain accounting information by username. If the traffic is not authenticated, the AAA server can maintain accounting information by IP address. Accounting information includes when sessions start and stop, username, the number of bytes that pass through the security appliance for the session, the service used, and the duration of each session.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :