We are implementing the Cisco VPN solution for the customer and using ACS for the accounting purposes.
1.ASA 5520 is getting used for RA VPN
2.ACS 4.2 (Solution Engine-1113) is getting used for user authentication, authorization and accounting.
3.ACS is talking to RSA manager(7.1) and Active Directory (Windows 2003) for the user database and token verification related to two-factor authentication.
As the user database is external to ACS and is there in Active Directory, I am not getting the user name when they are getting logged in to the network and also it is not possible to do the accounting.
Customer is interested to get the accounting of the users getting logged in using RA VPN on the basis of the user name.At present we are getting the accounting details of the user on the basis of the IP Address which is getting assigned by ASA.
I could not find out any ways where we could provide the accounting on the username basis as the database is external, am I missing something ?
It doesn't matter where user exits. If we have radius accounting enabled on the ASA and ACS. It will surely log the session with username. However make sure that you have selected the username under the logged attributes.
In order to check this go to system configuration > logging > radius accounting > click on configure > move the username under logged attributes table and try again.
To configure CiscoSecure ACS to perform RADIUS accounting using CSV, perform these steps:
In the navigation bar, click System Configuration.
Click Logging. The Logging Configuration page appears.
Select CSV RADIUS Accounting.
Confirm that the Log to CSV RADIUS Accounting report check box is selected. If it is not selected, select it now.
In the Select Attributes To Log table, make sure that the RADIUS attributes you want to see in the RADIUS accounting log appear in the Logged Attributes list. In addition to the standard RADIUS attributes, there are several special logging attributes provided by CiscoSecure ACS, such as Real Name, ExtDB Info, and Logged Remotely.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :