My company has a new cloud practice and are using multiple context ASAs for different tenants. The customers do not manage the contexts, we do. As of right now, the way we manage the customers contexts is by SSHing into the Admin context then we do a "changeto" in order to access the other contexts. There is no logical connection to their context. We have AAA set up on the Admin context and it is talking to a SecureACS server. One thing I noticed is that once I do a "changeto" and go to a customer context, I don't seem to receive accounting messages anymore. Authoriation doesn't seem to matter anymore at this point either. Obviously the local context AAA has taken over.
Is there any way for the other contexts to send authorization and accounting information via the admin context? I would rather not create logical management connections from our VRF on the core into each customer context if I don't have to. My guess is that I will need to do this, but figured I would see if anyone knew a special way to avoid doing this.
Thanks