AAA and multiple context ASA for multi-tenant cloud practice

m.yost
Level 1

My company has a new cloud practice and is using multiple context ASAs for different tenants. The customers do not manage the contexts, we do. As of right now, the way we manage the customers' contexts is by SSHing into the Admin context, then we do a "changeto" in order to access the other contexts. There is no logical connection to their context. We have AAA set up on the Admin context and it is talking to a SecureACS server. One thing I noticed is that once I do a "changeto" and go to a customer context, I don't seem to receive accounting messages anymore. Authorization doesn't seem to matter anymore at this point either. Obviously the local context AAA has taken over.

 

Is there any way for the other contexts to send authorization and accounting information via the admin context?  I would rather not create logical management connections from our VRF on the core into each customer context if I don't have to.  My guess is that I will need to do this, but figured I would see if anyone knew a special way to avoid doing this.

 

Thanks

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

You would have to define the AAA commands separately for each of the contexts.

Thanks and Regards,

Vibhor Amrodia

I tried this, and there are still no logs in ACS. Probably would be if I SSHd into the non-admin context directly where the additional AAA config has been placed.
