01-09-2003 11:38 AM - edited 03-10-2019 07:06 AM
Hi, We have the following scenario, this company uses two methods for remote access (for employees only) : through RAS dial-up connections, or using VPN clients to connect to a PIX 535 through the Internet. We need to do accounting for the total connection time, in the case of RAS connections is easy, we run AAA TACACS+ between the RAS and the ACS (ver 2.1) and verify the start/stop time. But with the Internet connection the start/stop time reflects the total time for each connection per user i.e. telnet, snmp, ftp, etc but this connections could be simultaneous (or not), so we can not just add each connections total time for one user, it could be greater than the real time that this user was really connected. So, how could we account for total connection time in this case?
Thanks in advance for your recommendations
Solved! Go to Solution.
01-12-2003 05:04 PM
Unfortunately you don't. Accounting for VPN users in the PIX has been on the drawing board for a while now, but so far has not been implemented. You can check the progress on bug ID CSCdu01327 for further updates.
01-12-2003 05:04 PM
Unfortunately you don't. Accounting for VPN users in the PIX has been on the drawing board for a while now, but so far has not been implemented. You can check the progress on bug ID CSCdu01327 for further updates.
01-13-2003 10:51 AM
Thank you Glenn, I review the bug notes and setup an alarm on it, meanwhile we will try some workaround as stated on the bug notes.
Best regards
Carlos C.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide