I am using IOS 12.2(8)T and sending RADIUS accounting records to ACS 2.6. The records include the Tunnel-Client-Endpoint value, but ACS does not write it to records in the accounting file. Accounting debug on the router shows:
RADIUS: Tunnel-Client-Endpoi 14 00:"x.x.x.x"
where x.x.x.x is the client address. Is there a bug in ACS or IOS that prevents this value from being displayed?
If you go under System Configuration - Logging and select the Radius Accounting section, you can change the columns that are displayed in teh Radius Accounting log. You should see Tunnel-Client-Endpoint as one of the available columns, so add that in and you should see it in the log file from then on.
Note you won't see it for old log records, just new ones that come in from then on.
The field is already displayed in the accounting log but ACS does not write a value into the field. I have recently been told by TAC that this is a "limitation" in the router that is being "worked on" (case D099200). I think it should be added to the bug list so it can be tracked but TAC seems reluctant to add it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...