Question on ipsec accounting with local authentication
I have a site with a 2811 in place for IPSEC based vpn client connections. The vpn configurations are based on local authentication, however, we would like to be able to log the VPN activity. From what I can tell, this will require a RADIUS server for the logging. Can I continue with local authentication on the 2811, but accounting to a RADIUS server on a Winodws 2003 Server?
I have the RADIUS server configured on the Windows server, but the debug isakmp aaa output shows errors trying to send the start record when a vpn session is established. I see nothing in any logs on the Windows server side.
Can anyone shed some light on the situation for me? Am I trying to accomplish the impossible? If it's possible, what am I missing?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...