topic Re: TACACS+ in Network Security

TACACS+

Tuba — Tue, 08 Oct 2019 18:00:41 GMT

I want to keep track of the change in ACL in ASA by using TACACS+ accounting, by determining the user, command, time,...

I have the following command in ASA:

aaa-server ********* protocol tacacs+

aaa-server ********* (inside) host x.x.x.x

aaa-server ********* (inside) host y.y.y.y

aaa-server ********* (inside) host z.z.z.z

aaa-server ********* (inside) host f.f.f.f

aaa authentication enable console ********* LOCAL

aaa authentication ssh console ********* LOCAL

aaa authentication http console ********* LOCAL

aaa authorization command *********

aaa accounting ssh console *********

what configuration should I add in ASA and ACS to enable this feature?

Re: TACACS+

Marius Gunnerud — Tue, 08 Oct 2019 20:56:39 GMT

aaa authorization command *********

aaa accounting ssh console *********

these commands enable command and user accounting. Though I might suggest adding aaa accounting serial ******** incase anyone connects to the console port and makes changes.

Re: TACACS+

Tuba — Wed, 16 Oct 2019 06:47:09 GMT

Can you tell me which is better to use ACL log or TACACS accounting to keep track of changes?

Re: TACACS+

Marius Gunnerud — Wed, 16 Oct 2019 06:51:34 GMT

For changes I would suggest TACACS accounting