cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

587
Views
0
Helpful
2
Replies
glemaire
Beginner

ACS Proxy Distribution Table - Logs ?

Hello,

I have setup a proxy distribution table in my Cisco ACS v4.2 (patch 6).

I have two type of users: Suppliers (external) and TI user (internal). They connect to our Internal Network by a VPN SSL connection (AEP Netilla box).

This box have 2 realms. One for suppliers, another for TI users.

The aim is that:

* For the suppliers connect trought the Netilla box which forwards the authentication (RADIUS Authentication) to the ACS which forwards the request to an RSA server.

* For TI User, they connect trought the Netilla Box which forwards the request (RADIUS Authentication) to the ACS which check the Active Directory.

=> It's working perfectly.

The problem is that I have no logs from the ACS box about the suppliers which are forwarded to the RSA server. If possible, I want to know which users try to connect, if they are permit (or not) and eventually how many times they are connected.

The problem is the Netilla box doesn't have Radius Accouting.

I was hoping that the ACS logs these kinds of connections. (It's working for users, TI users, authenticated by the Active Directory).

Is-it possible that the ACS forwards only the request without taking attention of what it is forwared (except remove the Character String).

Is there another way to do what I'm talking about ?

See my VISIO attachement.

Thanks in advance for your attention,

2 REPLIES 2
smahbub
Frequent Contributor

The starting point for enabling and configuring service logs is the Service Control page, which you access by choosing System Configuration > Service Control. The starting point for enabling and configuring all other logs and loggers is the Logging Configuration page, which you access by choosing System Configuration > Logging. The Logging Configuration page also displays which ACS logs are currently enabled.

Patrick Knee
Beginner

I really hate draggin up old posts, but I have the same exact question.  In my scenario, I am proxying requests for eduroam (basically any user name that ends in .uk, .com, .ca or any other country suffix) off to our national server(s).  I would like to know if/when these requests get proxied over.  smahbub's suggestion only directs where to find the settings for loggin.  I have these enabled, but cannot seem to locate any setting that applies to the proxy distribution table.  If anyone has any idea, it would be greatly appreciated.

Thanks,

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel