topic Re: External User Accounting in Network Access Control

External User Accounting

santoshm_75 — Sun, 10 Mar 2019 23:53:44 GMT

Hi,

We are implementing the Cisco VPN solution for the customer and using ACS for the accounting purposes.

1. ASA 5520 is getting used for RA VPN

2. ACS 4.2 (Solution Engine-1113) is getting used for user authentication, authorization and accounting.

3. ACS is talking to RSA manager(7.1) and Active Directory (Windows 2003) for the user database and token verification related to two-factor authentication.

As the user database is external to ACS and is there in Active Directory, I am not getting the user name when they are getting logged in to the network and also it is not possible to do the accounting.

Customer is interested to get the accounting of the users getting logged in using RA VPN on the basis of the user name. At present we are getting the accounting details of the user on the basis of the IP Address which is getting assigned by ASA.

I could not find out any ways where we could provide the accounting on the username basis as the database is external, am I missing something ?

Please help.

Re: External User Accounting

Jatin Katyal — Wed, 20 Jan 2010 15:20:42 GMT

Hi,

It doesn't matter where user exits. If we have radius accounting enabled on the ASA and ACS. It will surely log the session with username. However make sure that you have selected the username under the logged attributes.

In order to check this go to system configuration > logging > radius accounting > click on configure > move the username under logged attributes table and try again.

Detailed steps:

To configure CiscoSecure ACS to perform RADIUS accounting using CSV, perform these steps:

In the navigation bar, click System Configuration.
Click Logging. The Logging Configuration page appears.
Select CSV RADIUS Accounting.
Confirm that the Log to CSV RADIUS Accounting report check box is selected. If it is not selected, select it now.
In the Select Attributes To Log table, make sure that the RADIUS attributes you want to see in the RADIUS accounting log appear in the Logged Attributes list. In addition to the standard RADIUS attributes, there are several special logging attributes provided by CiscoSecure ACS, such as Real Name, ExtDB Info, and Logged Remotely.

Please let me know if that works.

HTH

Regards,

Plz rate helpful posts-

Re: External User Accounting

santoshm_75 — Fri, 22 Jan 2010 09:58:49 GMT

Hi,

I have done all the configuration changes what you have mention. But still ACS is showing unknown user in accouting details.

Please find the ACS accouting SNAP attached for your reference.