Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1100
Views
0
Helpful
2
Replies

asa accounting

Go to solution
veronika.klauzova
Level 1
Level 1

‎01-02-2012 02:05 PM

Hello guys,

I would like to kindly ask if somebody can give me a advice on following situation:

I'm playing with Asa device in version 8.2(5). I setup it with freeradius and mysql. I try do accounting with asa:

My setup:


ASA configuration for accounting:

aaa accounting match ACCOUNTING inside Radius

aaa accounting match ACCOUNTING outside Radius


ASA ACL:

show running-config access-list ACCOUNTING

access-list ACCOUNTING extended permit ip any any

access-list ACCOUNTING extended permit tcp any any

access-list ACCOUNTING extended permit udp any any

access-list ACCOUNTING extended permit icmp any any

I obtaion to mysql log from asa accounting. But my problem is that: I receive data just with start and end session that match the ACL. I don't find better way on how to do it. I want record all vpn user session -> start and end session when user log into vpn. Not just when the user match my interesting traffic ACL.

Thanks for any advice!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Herbert Baerten
Cisco Employee
Cisco Employee

‎01-10-2012 01:27 AM

Hi Veronika,

try this:

tunnel-group general-attributes

accounting-server-group Radius

To be honest I don't know off the top of my head if this will work without also doing radius authentication - so if you're not doing radius authentication and the above doesn't work, try adding it, i.e.:

tunnel-group general-attributes

authentication-server-group Radius

hth

Herbert

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Herbert Baerten
Cisco Employee
Cisco Employee

‎01-10-2012 01:27 AM

Hi Veronika,

try this:

tunnel-group general-attributes

accounting-server-group Radius

To be honest I don't know off the top of my head if this will work without also doing radius authentication - so if you're not doing radius authentication and the above doesn't work, try adding it, i.e.:

tunnel-group general-attributes

authentication-server-group Radius

hth

Herbert

0 Helpful

Go to solution
veronika.klauzova
Level 1
Level 1

‎01-18-2012 06:51 AM

Yeah, that's true and thanks for your reply. I found it here: http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a1.html#wp1560638
I am just posting the link if somebody will be interested in same topic. Your answer is correct, first time I was doing some other type of accounting - it was cut-through acct.

Best regards,

Veronika

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents