We already have VPN running for a while in a test situation. I'm currently testing different radius software to see wich complies complies to our needs. The problem i experience is that when the pix successfully autenticates a user, it won't send a "session start" or "session stop" to the radius software. This causes some problems, sine i cannot track how long a user has been connected.
I already looked into the aaa accounting settings, but i can only enable accounting for all ip traffic, or http, ftp and telnet. When i enable accounting for my 3 VPN subnets, our pix creates new accouting sessions for every new tcp/ip session that is set up. In this case a user connecting via VPN causes a lot of individual sessions (because of wins, dns, netbios, etc). So this is not a solution i can use.
Could it be i must upgrade to a higher OS version to fix this problem? I read 6.3(5) is out already. And 7.01 as well. I'm not sure though if i'm permitted to upgrade to PIX os 7 in my current license.
I asked our PIX reseller to open a tocket with cisco tech support about this issue. They told me that the feature i want to use (aaa sessions) is not implementen in PIX os 6.x.x. It is implemented partially in PIX os 7. So i'm going to upgrade. I'll report my findings when i'm done.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...