I have Cisco ACS 3.3. I have a PIX 525, version 6.3(5). I have the PIX authenticating in TACACS, configured on the ACS box.
But the PIX logons don't appear in the TACACS Accounting Log on the ACS box. I have a 6509 (CatOS), and a 3745 (IOS 12.3) doing TACACS authentication off the ACS box - for the 6509 & 3745, logon events DO appear in the TACACS accounting log on the ACS box.
PIX logons DO appear in the Passed Authentications log in ACS.
Further, I would like to get commands done on the PIX to be logged on the ACS box. I've achieved this with the 6509 & the 3745.
I checked out "aaa accounting ..." on the PIX box. Did this:
aaa acc include telnet inside 0 0 TACACS+
Managed to log a user making a telnet connection to the outside (which is what documentation seemed to be saying, but one can hope...)
Here's the relevant part of PIX running-config (w/out the aaa accoun... command from above - took it out since it didn't work):