01-06-2006 12:45 PM - edited 03-10-2019 02:25 PM
I have a PIX firewall V6.3 and a Windows 2000 IAS to authenticate VPN(Client Cisco V 4)users by a Group.
The authentication works fine, but I like to use the accounting to log the user logs on and logs off. Right know it only logs when they connect, but dose not shows them logging off.
Here is my AAA config
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host X.X.X.X ******* timeout 5
01-11-2006 11:41 AM
If you want to account bothe the login and log off, you can use the start-stop command.
An example of that command is
(conf)#aaa accounting exec default start-stop group radius.
Thean apply this to the interface or line required.
If you want some more detailed information, then send me ur current accounting and authorization configuration.
02-03-2006 02:21 AM
Hi, i'm having the same problem as the topic starter. I tried your suggestion using aaa accounting exec, but PIX OS does not support that command.
I tried finding your email adress but it is not listed in your profile. Maybee you can constact me at servicedesk (at) lafarge (dot) nl
02-03-2006 06:12 AM
I got this finally running on PIX os 7.04. You need to modify the tunnel-group general settings. You need to add accounting-server-group
See the command reference http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a0080484fe1.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide