04-16-2002 05:36 AM - edited 02-21-2020 11:41 AM
I am trying to get accounting working for my users who connect to my PIX with the VPN3000 client. The users are authenticated using tacacs to mu ACS server. I want to include accounting. Here is what I use for authentication
aaa-server vpnauth protocol tacacs+
aaa-server vpnauth (inside) host 192.168.20.4 secret timeout 20
crypto map CanadaMap client authentication vpnauth
When I add the following line I still do not get any accounting information.
aaa accounting include any inbound 0 0 0 0 vpnauth
Any ideas ??
04-23-2002 04:54 PM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
07-31-2002 10:16 PM
Hello,
Its the bug with the Cisco Secure ACS v 3.0. Here's the solution given on the Cisco web site:-
Symptom:
In CSNT 3.0, tacacs+ accounting packets are being logged in the
tacacs+ administration logs instead of tacacs+
accounting logs for some devices such as the pix & switch.
Workaround:
To make CSNT 3.0 work like previous versions,
stop CSNT services, back up the registry, & run regedit to
make the changes below:
HKEY_LOCAL_MACHINE\SOFTWARE\CiscoAAAv3.0\CSLOG\Loggers\CSV TACACS+
Accounting filter=preV3_tacacsAccountingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\CiscoAAAv3.0\CSLOG\Loggers\CSV TACACS+
Administration=preV3_tacacsAdminFilter
Then restart the services.
Cheers,
Ramesh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: