logging PIX 525 logons & commands in ACS

linnea.wren
Level 1

Hi,

I have Cisco ACS 3.3. I have a PIX 525, version 6.3(5). I have the PIX authenticating in TACACS, configured on the ACS box.

But, the PIX logons don't appear in TACACS Accounting Log on the ACS box. I have a 6509 (catOS), and a 3745 (IOS 12.3) doing TACACS authentication off the ACS box - for the 6509 & 3745, logon events DO appear in TACACS accounting log on the ACS box.

PIX logons DO appear in the Passed Authentications log in ACS.

Further, I would like to get commands done on the PIX to be logged on the ACS box. I've achieved this with the 6509 & the 3745.

I checked out "aaa accounting ..." on the PIX box. Did this:

aaa acc include telnet inside 0 0 TACACS+

Managed to log a user making a telnet connection to the outside (which is what documentation seemed to be saying, but one can hope...)

Here's the relevant part of PIX running-config (w/out the aaa accoun... command from above - took it out since it didn't work):

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server TACACS+ (inside) host 10.10.1.231 <key> timeout 10

aaa-server LOCAL protocol local

aaa authentication telnet console TACACS+

In ACS, Interface Configuration, TACACS+ (Cisco), TACACS+ Services, I have check marks on PPP IP, Shell (exec), and PIX Shell (pixshell).

I looked in ACS for other things that might not be enabled, but couldn't recognize anything else as relevant.

Help?

1 Reply

gfullage
Cisco Employee

PIX does not support command and administrative accounting until v7.0, which is why you can't find anything in the 6.3 documentation about it :-)

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162402 (the Enhanced AAA Section)

Command References for this are here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/ab.htm#wp1381036

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/ab.htm#wp1381150