correlating VPN assigned IP address with particular users - CSACS and ASA
We have an ASA running 7.0(6)8 and use CSACS v4.1
For remote access, we have VPN groups set up on the ASA. Our remote users connect to our network, are authenticated via the CSACS server, then are assigned an IP address from the relevant address pool on the ASA.
At the moment, I can use "show uauth" on the ASA to determine which user has been assigned a particular IP address, as long as they are currently connected.
But, what I'd like to be able to do is determine which user had an IP address at a particular time in the past.
E.g. if our device logs show activity from a particular IP address, I'd like to be able to trace back to find out which user had been assigned that IP address at the time.
Can anyone suggest how I might achieve this? I'm guessing that I need to set up some sort of accounting between the ASA and the CSACS server but I'm not really sure what exactly is required.
Re: correlating VPN assigned IP address with particular users -
Hmmm, thanks - I've made some progress in that I now have the VPN users appearing in the TACACS accounting logs (after adding accounting-server-group within the tunnel-group attributes, as you suggested) but it doesn't actually tell me what IP address has been assigned to the user.
I noticed in your previous response you suggested using "aaa accounting delay-start" in order to get the assigned IP address but I still can't see how to configure this on the ASA?
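Added example (not part of the thread and not Cisco code): once accounting records that include the assigned address are being collected, the historical lookup asked about in the original post becomes an interval search over start/stop pairs. The record layout, user names and addresses below are constructed for illustration and are not the ACS log format.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (not real ACS output): time,event,user,assigned IP.
SAMPLE = """\
2008-03-01 08:00:05,start,alice,10.10.1.20
2008-03-01 08:10:00,start,dave,10.10.1.22
2008-03-01 11:00:00,start,erin,10.10.1.22
2008-03-01 12:15:40,stop,alice,10.10.1.20
2008-03-01 13:02:11,start,carol,10.10.1.20
2008-03-01 16:30:00,stop,erin,10.10.1.22
"""

def build_sessions(text):
    """Pair start/stop records into (ip, user, start, stop) tuples.

    stop is None while a session is still open. If an address is handed to a
    new user before a stop was logged, the earlier session is closed at the
    new start time, since a pool address has one holder at a time.
    """
    holder = {}      # ip -> (user, start) for sessions not yet closed
    sessions = []
    for line in filter(str.strip, text.splitlines()):
        ts, event, user, ip = (f.strip() for f in line.split(","))
        when = datetime.strptime(ts, FMT)
        if event == "start":
            if ip in holder:                      # stop record was lost
                prev_user, prev_start = holder[ip]
                sessions.append((ip, prev_user, prev_start, when))
            holder[ip] = (user, when)
        elif event == "stop" and holder.get(ip, (None,))[0] == user:
            _, started = holder.pop(ip)
            sessions.append((ip, user, started, when))
    sessions += [(ip, u, s, None) for ip, (u, s) in holder.items()]
    return sessions

def who_had(sessions, ip, at):
    """Return the users holding `ip` at time `at` (start inclusive, stop exclusive)."""
    when = datetime.strptime(at, FMT)
    return [user for s_ip, user, start, stop in sessions
            if s_ip == ip and start <= when and (stop is None or when < stop)]

if __name__ == "__main__":
    print(who_had(build_sessions(SAMPLE), "10.10.1.20", "2008-03-01 14:00:00"))
```

The lookup is only as accurate as the clocks: the device whose logs show the activity and the accounting server need synchronised time for the interval match to be trustworthy.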