My understanding of this is, you can log accounting through the pix, but not to the pix. So if the IPSEC tunnel terminates to the PIX you are in a situation where accounting does not work because access is terminated at the pix via the VPN tunnel. I also have never been able to get accounting working in the same manner as you. Maybe we can get some input from the Moderator ?
Accounting is not working. I would like it to work. I am only using the TACACS server to authenticate the VPN users first. Which works just fine.
I believe I should be able to get the logging working since we also use the TACACS server to monitor who is accessing which router. I notice that it tells me who and for how long. Now I would like to do the same with the VPN users. On the routers we just had to put
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
I am looking for the equivilent command for the PIX.
Yes I am to !!! But as I stated before the information I have is that it is not possible to do accounting for traffic terminating to the pix such as IPSEC (VPN). I am also terminating VPN connections to a PIX firewall and authenticating users to the Cisco ACS server with Tacacs and I have tried using accounting but it does not work. Accounting only works on the pix for traffic traveling through the PIX, ie; traffice from inside to outside or the other way around depending on your firewall rules. It is a little confusing and maybe someone else has a better way to explain it. Maybe opening a ticket with the TAC.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...