12-29-2014 05:38 AM - edited 03-11-2019 10:16 PM
My company has a new cloud practice and are using multiple context ASAs for different tenants. The customers do not manage the contexts, we do. As of right now, the way we manage the customers contexts is by SSHing into the Admin context then we do a "changeto" in order to access the other contexts. There is no logical connection to their context. We have AAA set up on the Admin context and it is talking to a SecureACS server. One thing I noticed is that once I do a "changeto" and go to a customer context, I don't seem to receive accounting messages anymore. Authoriation doesn't seem to matter anymore at this point either. Obviously the local context AAA has taken over.
Is there any way for the other contexts to send authorization and accounting information via the admin context? I would rather not create logical management connections from our VRF on the core into each customer context if I don't have to. My guess is that I will need to do this, but figured I would see if anyone knew a special way to avoid doing this.
Thanks
12-30-2014 02:17 AM
Hi,
You would have to define the AAA commands separately for each of the contexts.
Thanks and Regards,
Vibhor Amrodia
11-16-2017 09:18 AM
I tried this, and there are still no logs in ACS. Probably would be if I SSHd into the non-admin context directly where the additional AAA config has been placed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide