Cisco Support Community

New Member

Cisco Pix 7.x/8.x and AAA accounting

In Cisco IOS, I can send AAA accounting logs to multiple AAA servers using a method called broadcast, like this:

aaa group server tacacs+ partner_1
 server 192.168.1.1
!
aaa group server tacacs+ partner_2
 server 192.168.1.2
aaa accounting exec VTY start-stop broadcast group partner_1 group partner_2
aaa accounting commands 0 VTY start-stop broadcast group partner_1 group partner_2
aaa accounting commands 1 VTY start-stop broadcast group partner_1 group partner_2
aaa accounting commands 15 VTY start-stop broadcast group partner_1 group partner_2
aaa accounting network VTY start-stop broadcast group partner_1 group partner_2
aaa accounting connection VTY start-stop broadcast group partner_1 group partner_2
aaa accounting system default start-stop broadcast group partner_1 group partner_2
aaa accounting resource default start-stop broadcast group partner_1 group partner_2
aaa accounting resource VTY start-stop broadcast group partner_1 group partner_2

Can this be done with Cisco Pix/ASA? In other words, can I send AAA accounting logs to multiple AAA servers for Pix/ASA devices? Thanks.

2 REPLIES
joe Bronze

Re: Cisco Pix 7.x/8.x and AAA accounting

I haven't been in the lab to study for my security IE yet (still working on the written), but on page 287 of the "Cisco ASA, Pix, and FWSM firewall handbook" it states:

"The accounting records are sent to the current active server in the server group configured as server_tag".

The DocCD seems to confirm this...

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wpxref29264

"The security appliance contacts the first server in the group. If that server is unavailable, the security appliance contacts the next server in the group, if configured"

If you figure it out for sure before the end of this week, let me know. If not, this will be one of the first things I test in the lab Thursday/Friday this week.

-Joe

New Member

Re: Cisco Pix 7.x/8.x and AAA accounting

The question has nothing to do with CCIE. It has to do with a practical issue.

Can I send AAA accounting for Pix/ASA devices to multiple AAA servers, just like routers?

Thanks.
