03-11-2017 10:25 PM
Hi,
I have the following config for the VPN (ASA). RADIUS is ISE, but in ISE I can't see any accounting for this group?
tunnel-group vpntest general-attributes
address-pool test-vpnpool
authentication-server-group ISE
accounting-server-group ISE
default-group-policy GroupPolicy-vpntest
password-management
logging enable
logging trap notifications
logging asdm informational
logging host Inside 192.168.1.100 17/5000(syslog)
logging permit-hostdown
Thanks
03-12-2017 07:24 AM
Where are you looking for accounting? We would normally look in the ISE Live Logs.
When you defined your aaa server group, did you indicate for it to do "interim-accounting-update"?
There is a good document that you can follow here:
https://communities.cisco.com/docs/DOC-68158
03-12-2017 08:48 PM
Hi,
"Where are you looking for accounting? We would normally look in the ISE Live Logs."
I just want to see, once the AnyConnect VPN is established, what the user accessed.
And in the ISE Live Logs it is not showing anything.
Thanks
03-13-2017 12:03 AM
The ISE Live Log will only show accounting events that are conveyed from the ASA via RADIUS.
Those events include things like Authentication and Authorization events, results of Posture Assessment - things which are attributes of the endpoint and user or the result of ISE policies.
They do not include information about what the user accessed.
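Added example, not part of the original posts: a minimal parser for a RADIUS Accounting-Request (RFC 2866) that shows the session-level fields such a record carries (user, Framed-IP-Address, session ID, duration, byte counts). The sample packet, user name and addresses are constructed for illustration, and the request authenticator is not verified because that needs the shared secret.

```python
import socket
import struct

# Attribute numbers from RFC 2865 / RFC 2866
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 8: "Framed-IP-Address",
         40: "Acct-Status-Type", 42: "Acct-Input-Octets",
         43: "Acct-Output-Octets", 44: "Acct-Session-Id", 46: "Acct-Session-Time"}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
IPV4, INT32, TEXT = {4, 8}, {40, 42, 43, 46}, {1, 44}

def parse_accounting_request(pkt: bytes) -> dict:
    """Decode the attributes of one Accounting-Request (RADIUS code 4)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 4 or not 20 <= length <= len(pkt):
        raise ValueError("not a well-formed Accounting-Request")
    fields, pos = {}, 20  # skip code, id, length and 16-byte authenticator
    while pos < length:
        if length - pos < 2 or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = pkt[pos], pkt[pos + 1]
        value = pkt[pos + 2:pos + alen]
        if atype in IPV4 and len(value) == 4:
            value = socket.inet_ntoa(value)
        elif atype in INT32 and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            value = STATUS.get(number, number) if atype == 40 else number
        elif atype in TEXT:
            value = value.decode("utf-8", "replace")
        else:
            value = value.hex()  # unknown or oddly sized: keep raw bytes as hex
        fields[ATTRS.get(atype, "Attr-%d" % atype)] = value
        pos += alen
    return fields

def build_sample() -> bytes:
    """Constructed interim update for a hypothetical VPN session."""
    def attr(t, v):
        return bytes([t, len(v) + 2]) + v
    body = b"".join([
        attr(1, b"jdoe"), attr(4, socket.inet_aton("192.0.2.1")),
        attr(8, socket.inet_aton("10.10.10.25")), attr(40, struct.pack("!I", 3)),
        attr(44, b"0000A001"), attr(46, struct.pack("!I", 600)),
        attr(42, struct.pack("!I", 52344)), attr(43, struct.pack("!I", 918822)),
    ])
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for name, value in parse_accounting_request(build_sample()).items():
        print(f"{name:20} {value}")
```

Every decoded field describes the session itself; none of them names a destination the user connected to.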
03-13-2017 01:20 AM
Hi Marvin,
Thanks for the information. In order to get that information, what do we need to do?
Thanks
03-13-2017 01:53 AM
If you have a Netflow collector you could install and configure the optional Network Visibility Module (NVM) AnyConnect component. It could then send flow data about what destinations were accessed. You might also be able to export Netflow records from the ASA but they might be overwhelming if that is also your edge firewall.
You'd have to have something like Cisco Stealthwatch or another collector to do the collection and analysis bits. I'm not aware of anything else native to ISE or the ASA that would give you such data.
03-13-2017 02:54 AM
Hi,
Thank you for the information. In an enterprise, when we are asked about details like that, how could we normally achieve such details? Sorry, it's a general question.
Previously, when I was using ACS, I used to get accounting details like user activities (e.g. port configuration) from the switches.
Now that I have moved to ISE, I am not getting anything.
Thanks
03-13-2017 05:44 AM
Ah - activities such as commands done while logged into a device are included when you are using ISE as your TACACS+ AAA server (requires the Device Administration license). When you do that, there is a separate set of logs that are shown on the ISE server.
That's distinct from general VPN user activities and the configuration you referenced in your original post. The accounting details there are only specific to the RADIUS authentication and authorization events.
09-27-2017 11:14 PM
Is it possible to account in the live logs on ISE for the IP addresses allocated to each remote access VPN user session by the ASA? I suppose a specific command must be configured on the ASA, if it's possible.
Thank you!
Ionut