Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

External User Accounting


We are implementing the Cisco VPN solution for the customer and using ACS for the accounting purposes.

1.       ASA 5520 is getting used for RA VPN

2.       ACS 4.2 (Solution Engine-1113) is getting used for user authentication, authorization and accounting.

3.       ACS is talking to RSA manager(7.1) and Active Directory (Windows 2003) for the user database and token verification related to two-factor authentication.

As the user database is external to ACS and is there in Active Directory, I am not getting the user name when they are getting logged in to the network and also it is not possible to do the accounting.

Customer is interested to get the accounting of the users getting logged in using RA VPN on the basis of the user name. At present we are getting the accounting details of the user on the basis of the IP Address which is getting assigned by ASA.

I could not find out any ways where we could provide the accounting on the username basis as the database is external, am I missing something ?

Please help.

Cisco Employee

Re: External User Accounting


It doesn't matter where user exits. If we have radius accounting enabled on the ASA and ACS. It will surely log the session with username. However make sure that you have selected the username under the logged attributes.

In order to check this go to system configuration > logging > radius accounting > click on configure > move the username under logged attributes table and try again.

Detailed steps:

To configure CiscoSecure ACS to perform RADIUS accounting using CSV,       perform these steps:

  1. In the navigation bar, click System             Configuration.

  2. Click Logging. The Logging Configuration page             appears.

  3. Select CSV RADIUS Accounting.

  4. Confirm that the Log to CSV RADIUS Accounting             report check box is selected. If it is not selected, select it             now.

  5. In the Select Attributes To Log table, make sure             that the RADIUS attributes you want to see in the RADIUS accounting log appear             in the Logged Attributes list. In addition to the standard             RADIUS attributes, there are several special logging attributes provided by             CiscoSecure ACS, such as Real Name, ExtDB Info, and Logged             Remotely.

Please let me know if that works.




Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: External User Accounting


I have done all the configuration changes what you have mention. But still ACS is showing unknown user in accouting details.

Please find the ACS accouting SNAP attached for your reference.

CreatePlease login to create content