Configuring Accounting for Traffic Through the Firewall
Accounting can be configured for traffic through the firewall using either
RADIUS or TACACS+. It is configured using the following command:
aaa accounting {include | exclude} acct_service {inbound | outbound |
NOTE
Accounting can only be configured with RADIUS and TACACS+. There is
no such thing as local accounting.
The syntax for this command is very similar to that of the aaa authentication
command. All parameters are the same except for acct_service. Possible values for
the acct_service parameter are any, ftp, http, telnet, or
values for protocol are 6 (TCP) and 17 (UDP), and the port number can range
from 1 to 65535. Setting the port number to 0 indicates all ports.
For example, the following command generates accounting data for all hosts
that make any outbound service requests and sends the data to the AAA server
in the AuthOutbound group:
PIX1(config)# aaa accounting include any outbound 0 0 0 0 AuthOutbound
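An added example, not part of the original text: a Python check that parses aaa accounting lines shaped like the one above and reports malformed rules and traffic directions that have no include rule. The protocol/port spelling of numeric services and the restriction to the inbound and outbound directions are assumptions, and the sample configuration is constructed.

```python
import re

NAMED_SERVICES = {"any", "ftp", "http", "telnet"}
PROTOCOLS = {6: "tcp", 17: "udp"}           # protocol numbers given in the text
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips a prompt such as "PIX1(config)# "

def parse_acct_service(value):
    """Return (service, port); port is None for named services, 0 for all ports."""
    if value in NAMED_SERVICES:
        return value, None
    m = re.fullmatch(r"(\d+)/(\d+)", value)  # assumption: numeric form is protocol/port
    if not m:
        raise ValueError(f"unknown acct_service {value!r}")
    proto, port = int(m.group(1)), int(m.group(2))
    if proto not in PROTOCOLS or port > 65535:
        raise ValueError(f"bad protocol or port in {value!r}")
    return PROTOCOLS[proto], port

def parse_rule(line):
    """Parse one 'aaa accounting' line shaped like the example in the text."""
    tok = PROMPT.sub("", line.strip()).split()
    if len(tok) != 10 or tok[:2] != ["aaa", "accounting"]:
        raise ValueError("not a complete aaa accounting rule")
    if tok[2] not in ("include", "exclude") or tok[4] not in ("inbound", "outbound"):
        raise ValueError("unrecognised action or direction")
    return {"action": tok[2], "service": parse_acct_service(tok[3]),
            "direction": tok[4], "addresses": tok[5:9], "group": tok[9]}

def audit(config_text):
    """Return (rules, findings) for every aaa accounting line in a config."""
    rules, findings = [], []
    for n, line in enumerate(config_text.splitlines(), 1):
        if "aaa accounting" not in line:
            continue
        try:
            rules.append(parse_rule(line))
        except ValueError as err:
            findings.append(f"line {n}: {err}")
    for direction in ("inbound", "outbound"):
        if not any(r["action"] == "include" and r["direction"] == direction for r in rules):
            findings.append(f"no include rule for {direction} traffic")
    return rules, findings

# Constructed sample config: the example line from the text plus two made-up lines.
SAMPLE = """\
PIX1(config)# aaa accounting include any outbound 0 0 0 0 AuthOutbound
aaa accounting include 1/80 outbound 0 0 0 0 AuthOutbound
aaa accounting exclude 6/0 outbound 0 0 0 0 AuthOutbound
"""
```

Calling audit(SAMPLE) returns the two well-formed rules together with a finding for the invalid protocol number on line 2 and a finding that no include rule covers inbound traffic.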
You do not need to perform any configuration tasks on the Cisco Secure
ACS server for it to be able to accept accounting data from a PIX firewall. To
view accounting data that is stored on a Cisco Secure ACS server, click the
Reports and Activity button from the main screen, as shown in Figure 5.37.
Authentication, Authorization, and Accounting • Chapter 5 273
From within the Reports and Activity window, click the TACACS+
Accounting link, as shown in Figure 5.38.
Figure 5.37 Cisco Secure ACS: Navigating to Accounting Data
Figure 5.38 The Cisco Secure ACS Reports and Activity Window
Select the appropriate TACACS+ accounting file, as shown in Figure 5.39.
Figure 5.40 shows the type of data that is displayed after you select the
desired TACACS+ accounting file.
Figure 5.39 Cisco Secure ACS: Selecting a TACACS+ Accounting File
Figure 5.40 Cisco Secure ACS: TACACS+ Accounting Data