Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco VPN client to router accounting with ACS3.0

I have this Cisco VPN connectio to 2611 router, and authentication is working fine with the ACS server, i just can't get any Accounting information. I'm able to see the failed attemp, and local telnet accounting, but not the VPN connection accounting. what am i missing, the following is the configuration

hostname VPN-Router

!

aaa new-model

!

!

aaa authentication login user-test group tacacs+

aaa authentication ppp default group radius local

aaa authorization network default group radius if-authenticated

aaa authorization network group-test local

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting resource default start-stop group tacacs+

aaa session-id common

any suggestion would be appreciate.

6 REPLIES
Cisco Employee

Re: Cisco VPN client to router accounting with ACS3.0

Accounting for VPN client connections is currently not supported, which is why you can't get it to work. I believe it's on the roadmap, but I have no timeframe for you.

Sorry about that.

New Member

Re: Cisco VPN client to router accounting with ACS3.0

HI Gfullage

thanks for your reply, but why it's working for VPN Client to PIX connection, the only problem that i'm having is VPN client to Router.

Cisco Employee

Re: Cisco VPN client to router accounting with ACS3.0

There's no accounting for VPN connections into a PIX either (see bug CSCdu01327). The accounting your seeing with the PIX connections is accounting of the session through the PIX after the VPN has been established, this is not the same and will only account for whatever the user does through the PIX, not for the VPN connection to the PIX itself (which may or may not be the same).

The router doesn't have any through-traffic accounting capability like the PIX does.

New Member

Re: Cisco VPN client to router accounting with ACS3.0

Hi

too bad they don't support accounting function, that's really helpful for managing outside client. Are you guys planing to add this function soon?

anyway, thank you so much for your help. i appreciate that so much. thanks

have a nice day

Simon

Cisco Employee

Re: Cisco VPN client to router accounting with ACS3.0

A bug (actually an enhancement request) has been open for a while now, so hopefully they'll get into a future release of code. Customers are asking for it so it will get done eventually, it just needs to be prioritised I guess.

New Member

Re: Cisco VPN client to router accounting with ACS3.0

Hi guys

As this subject is current for my customer I wonder whether or not in the meantime aaa accounting has been implemented for PIX VPN Client users. I find this is a basic feature and therefore shoud be prioritized.

Please keep me updated.

Thanks

Toni

123
Views
0
Helpful
6
Replies