2199 Views, 0 Helpful, 4 Replies

PIX VPN Accounting

wagrjohn
Level 1

Hi,

Is there any way to get the PIX to do accounting for VPN connections? I currently have it set up to do VPN authentication via RADIUS, but once it authenticates, nothing is sent from the PIX via the radius-acct port (1813) to indicate success/failure etc. I know you can account other services like ssh/telnet/http connections TO the PIX itself or through it. I tried "rigging" it by accounting any connections to udp/4500, but that didn't seem to work. There doesn't seem to be any command to enable VPN accounting, at least not that I could find. If anyone has any ideas it would be appreciated. I'm running a PIX 515e w/6.3 and using FreeRADIUS running on Linux.

Thanks.

- John

1 Accepted Solution

Accepted Solutions

John,

Unfortunately, what you are trying to collect is not possible as of yet. Thanks,

Mynul


4 Replies

mhoda
Level 5

John,

It is possible to do xauth accounting. Please refer to the following tech tip:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml#howto3

Note: The sysopt connection permit-ipsec command, not the sysopt ipsec pl-compatible command, is necessary for xauth accounting to work. Xauth accounting does not work with only the sysopt ipsec pl-compatible command. Xauth accounting is valid for TCP connections, not ICMP or UDP.

Thanks,

Mynul

Hi and thanks for replying. That just seemed to account all tcp connections passing through the PIX via VPN after the authentication. It did not account the actual client VPN authentication and connection to the PIX. :(

I tried from a client that does transparent tunneling from behind another firewall and a client not behind a firewall, and no accounting info was sent from the VPN PIX at all. Any other suggestions? Or maybe this kind of accounting is not available for the PIX right now, since it probably was meant to do mainly site-to-site VPNs and not client-to-PIX?

Thanks again,

- John
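A check on the FreeRADIUS side of the setup John describes, added here as an example and not taken from the thread or from Cisco's tech tip: it parses the FreeRADIUS `detail` accounting log and reports, per NAS address, which sessions produced Start and Stop records, so you can confirm whether the PIX sent anything at all on the accounting port and which sessions never got a Stop. It assumes the default `detail` module format (a timestamp line followed by tab-indented `Attribute = Value` pairs, records separated by blank lines); the NAS addresses, user names and session ids in the sample are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample of a FreeRADIUS "detail" accounting log. The addresses,
# users, session ids and timestamps are made up for this example.
SAMPLE_DETAIL = """\
Tue Mar  9 10:00:01 2004
\tAcct-Status-Type = Start
\tNAS-IP-Address = 192.0.2.1
\tUser-Name = "john"
\tAcct-Session-Id = "0x00000001"
\tFramed-IP-Address = 10.8.0.5
\tTimestamp = 1078826401

Tue Mar  9 10:12:45 2004
\tAcct-Status-Type = Stop
\tNAS-IP-Address = 192.0.2.1
\tUser-Name = "john"
\tAcct-Session-Id = "0x00000001"
\tAcct-Session-Time = 764
\tAcct-Terminate-Cause = User-Request
\tTimestamp = 1078827165

Tue Mar  9 10:30:00 2004
\tAcct-Status-Type = Start
\tNAS-IP-Address = 192.0.2.1
\tUser-Name = "alice"
\tAcct-Session-Id = "0x00000002"
\tFramed-IP-Address = 10.8.0.6
\tTimestamp = 1078828200

Tue Mar  9 10:31:00 2004
\tAcct-Status-Type = Start
\tNAS-IP-Address = 198.51.100.7
\tUser-Name = "bob"
\tAcct-Session-Id = "0x0000ABCD"
\tTimestamp = 1078828260
"""

# Indented "Attribute = Value" line inside a record
ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*(.*)$')


def parse_detail(text):
    """Split a detail file into records; each record is a dict of attributes."""
    records = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            # Blank line ends the current record
            if current:
                records.append(current)
            current = None
            continue
        m = ATTR_RE.match(line)
        if m:
            if current is None:
                current = {}
            name, value = m.group(1), m.group(2).strip()
            # String attributes are quoted in the detail file; addresses and
            # integers are not, so strip the quotes only when present.
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            current[name] = value
        else:
            # Unindented line is the record's timestamp header
            if current:
                records.append(current)
            current = {"_timestamp_line": line.strip()}
    if current:
        records.append(current)
    return records


def sessions_from(records, nas_ip):
    """Collapse Start/Stop records from one NAS into per-session entries."""
    sessions = OrderedDict()
    for rec in records:
        if rec.get("NAS-IP-Address") != nas_ip:
            continue
        sid = rec.get("Acct-Session-Id")
        if sid is None:
            continue
        s = sessions.setdefault(
            sid, {"user": rec.get("User-Name"), "start": None, "stop": None, "seconds": None})
        status = rec.get("Acct-Status-Type")
        if status == "Start":
            s["start"] = int(rec.get("Timestamp", 0))
        elif status == "Stop":
            s["stop"] = int(rec.get("Timestamp", 0))
            if "Acct-Session-Time" in rec:
                s["seconds"] = int(rec["Acct-Session-Time"])
    return sessions


def open_sessions(sessions):
    """Session ids with a Start but no Stop (still up, or the NAS never sent Stop)."""
    return [sid for sid, s in sessions.items() if s["start"] is not None and s["stop"] is None]


def nas_seen(records, nas_ip):
    """True if the NAS at nas_ip produced any accounting record at all."""
    return any(r.get("NAS-IP-Address") == nas_ip for r in records)


if __name__ == "__main__":
    recs = parse_detail(SAMPLE_DETAIL)
    pix = "192.0.2.1"  # constructed NAS address of the PIX
    print("records from %s: %s" % (pix, nas_seen(recs, pix)))
    for sid, s in sessions_from(recs, pix).items():
        print(sid, s["user"], "start=%s stop=%s seconds=%s" % (s["start"], s["stop"], s["seconds"]))
    print("open sessions:", open_sessions(sessions_from(recs, pix)))
```

On a real server point `parse_detail` at the contents of the detail file (by default under `/var/log/radius/radacct/<nas-ip>/`); if `nas_seen` is false for the PIX's address while it is true for other NAS devices, the server is receiving accounting in general and the PIX simply isn't sending it, which is the situation described in this thread.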


Thanks!

Time to call the account rep....
