Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

logging PIX 525 logons & commands in ACS


I have Cisco ACS 3.3. I have a PIX 525, version 6.3(5). I have the PIX authenticating in TACACS, configured on the ACS box.

But, the PIX logons don't appear in TACACS Accounting Log on the ACS box. I have a 6509 (catOS), and a 3745 (IOS 12.3) doing TACACS authentication off the ACS box - for the 6509 & 3745, logon events DO appear in TACACS accounting log on the ACS box.

PIX logons DO appear in the Passed Authentications log in ACS.

Further, I would like to get commands done on the PIX to be logged on the ACS box. I've achieved this with the 6509 & the 3745.

I checked out "aaa accounting ..." on the PIX box. Did this :

aaa acc include telnet inside 0 0 TACACS+

Managed to log a user making a telnet connection to the outside (which is what documentation seemed to be saying, but one can hope...)

Here's the relevant part of PIX running-config (w/out the aaa accoun... command from above - took it out since it didn't work) :

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (inside) host <key> timeout 10

aaa-server LOCAL protocol local

aaa authentication telnet console TACACS+

In ACS, Interface Configuration, TACACS+ (Cisco), TACACS+ Services, I have check marks on PPP IP, Shell (exec), and PIX Shell (pixshell).

I looked in ACS for other things that might not be enabled, but couldn't recognize anything else as relevant.


Cisco Employee

Re: logging PIX 525 logons & commands in ACS

PIX does not support command and administrative accounting until v7.0, which is why you can't find anything in the 6.3 documentation about it :-) (the Enhanced AAA Section)

Command Reference's for this is here: