VPN Accouting

saxenanitesh8522 · ‎06-06-2012

Hi,

I am doing a Remote Access VPN. The authentication and authorization are happening local to the router. But I want to do accounting through radius server and it generates logs when the user logs in and logs out.

Is this possible? that Authentication & Authorziation local and Accouting is being done from the Radius Server.

My Radius Server is the Windows 2008 Server with NPS enabled.

Please guide me if you can to resolve this issue.

Thanks,

Nitesh

Jatin Katyal · ‎06-06-2012

local accounting is not supported so it has to be via radius server.

yes you may set the authentication to local and accounting to radius server.

tunnel-group xxx type remote-access

tunnel-group xxx general-attributes

address-pool aaa

accounting-server-group RAD1

default-group-policy xxx

The user will be defined on local asa database only. On the Acs you would see corresponding start and stop packet for logon and log-off for vpn users.

radius accounting on NPS

http://technet.microsoft.com/en-us/library/dd197475%28v=ws.10%29.aspx

Regards,

Jatin

Do rate helpful posts-

~Jatin

saxenanitesh8522 · ‎06-06-2012

Hi Jatin,

My authentication & authorization is happening locally in the router. that is working properly.

when i have given the accouting anme in the in the crypto group but its not happening. I can do the ping but its not saving the logs. There is no logging file getting generated.

Is there way to check or debug the accounting is happening either on windows or router to see if the accounting is working properly?

thanks,

Nitesh

Jatin Katyal · ‎06-06-2012

could you please provide me the following o/p:

show run | sec crypto

Where are you looking for radius accounting?

also enable debug aaa accounting and post it in your next reply.

Regards,

Jatin

Do rate helpful posts-

~Jatin