Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pix 515 radius issue

I have a pix 515 running 6.3(4).

We already have VPN running for a while in a test situation. I'm currently testing different radius software to see wich complies complies to our needs. The problem i experience is that when the pix successfully autenticates a user, it won't send a "session start" or "session stop" to the radius software. This causes some problems, sine i cannot track how long a user has been connected.

I already looked into the aaa accounting settings, but i can only enable accounting for all ip traffic, or http, ftp and telnet. When i enable accounting for my 3 VPN subnets, our pix creates new accouting sessions for every new tcp/ip session that is set up. In this case a user connecting via VPN causes a lot of individual sessions (because of wins, dns, netbios, etc). So this is not a solution i can use.

Could it be i must upgrade to a higher OS version to fix this problem? I read 6.3(5) is out already. And 7.01 as well. I'm not sure though if i'm permitted to upgrade to PIX os 7 in my current license.

Community Member

Re: Pix 515 radius issue

Does anyone know something abbout this issue?

Community Member

Re: Pix 515 radius issue

I asked our PIX reseller to open a tocket with cisco tech support about this issue. They told me that the feature i want to use (aaa sessions) is not implementen in PIX os 6.x.x. It is implemented partially in PIX os 7. So i'm going to upgrade. I'll report my findings when i'm done.

Community Member

Re: Pix 515 radius issue

I finaly have it working. I have upgraded to PIX OS 7.04. This gives you a new command that you can apply to the Tunnel-group general settings.

It's called accounting-server-group

When you apply this to the tunnel-group it will send all tunnel related accountings statics to the specified aaa-server.

CreatePlease to create content