Solved: How to account total connection time with TACACS+

ccaoto · ‎01-09-2003

Hi, We have the following scenario, this company uses two methods for remote access (for employees only) : through RAS dial-up connections, or using VPN clients to connect to a PIX 535 through the Internet. We need to do accounting for the total connection time, in the case of RAS connections is easy, we run AAA TACACS+ between the RAS and the ACS (ver 2.1) and verify the start/stop time. But with the Internet connection the start/stop time reflects the total time for each connection per user i.e. telnet, snmp, ftp, etc but this connections could be simultaneous (or not), so we can not just add each connections total time for one user, it could be greater than the real time that this user was really connected. So, how could we account for total connection time in this case?

Thanks in advance for your recommendations

gfullage · ‎01-12-2003

Unfortunately you don't. Accounting for VPN users in the PIX has been on the drawing board for a while now, but so far has not been implemented. You can check the progress on bug ID CSCdu01327 for further updates.

View solution in original post

gfullage · ‎01-12-2003

Unfortunately you don't. Accounting for VPN users in the PIX has been on the drawing board for a while now, but so far has not been implemented. You can check the progress on bug ID CSCdu01327 for further updates.

ccaoto · ‎01-13-2003

Thank you Glenn, I review the bug notes and setup an alarm on it, meanwhile we will try some workaround as stated on the bug notes.

Best regards

Carlos C.