
PIX and Win2K Radius 1

Status
Not open for further replies.

cchipman

IS-IT--Management
Joined
Sep 16, 2002
Messages
125
Location
US

Is there any benefit to setting the Client-Vendor field in the Settings for an IAS Client setup as opposed to using Radius standard?

Also, what effect would turning on the aaa accounting command do?

Thanks,
Carl Chipman
 
I saw no use in using the Client-Vendor field. The IETF RADIUS attributes are usually the same as Cisco's anyway. "AAA accounting" will enable Xauth authentication for VPN users -- more granular logging is enabled with this.
 
I just enabled mine, and it seems pretty cool.

I was able to use the IAS parser to produce the following output:

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\username
Record-Date : 04/17/2003
Record-Time : 13:47:38
Service-Name : IAS
Computer-Name : radius_server_name
Acct-Status-Type : Stop
NAS-Port : 0
Login-IP-Host : 10.0.0.2
Login-TCP-Port : 21
Acct-Session-Id : 0x00097b34
Acct-Session-Time : 10
Acct-Input-Octets : 89
Acct-Output-Octets : 339
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1038
Vendor-Specific : Destination-IP=server_name
Vendor-Specific : Destination-Port=21
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Stillwater Cisco Vpn Clients
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.

all I added was these lines:

vpdn group 1 client accounting RADIUS
aaa accounting match outside_accounting_RADIUS outside RADIUS
access-list outside_accounting_RADIUS permit tcp StillwaterVpns 255.255.255.0 StillwaterNet 255.255.252.0

Well, truth to be told, I didn't add them, the PDM did.

Works pretty well though...
 
Hi.

Thanks for the info.

> Acct-Status-Type : Stop
Do you get also the "start" event?

Can you get from the IAS server a simple log file with start and stop events, so the administrator can look at that log and see both the start and end of each VPN session in a single place?


Yizhar Hurwitz
 
Yes. Here's a sanitized session log:

Z:\>c:

C:\>iasparse -f:c:\temp\IN030403.log


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:45:26,IAS,server_name,7,1,5,34,4108,10.0.0.1,4116,9,4
128,Radius Group Name,4129,DOMAIN\usernam,25,311 1 10.0.0.16 04/09/2003 19:45:42 25,4127,3,4130,domain/users/username,4136,1,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:45:26
Service-Name : IAS
Computer-Name : server_name
Framed-Protocol : PPP
NAS-Port : 34
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
SAM-Account-Name : DOMAIN\usernam
Class : 311 1 10.0.0.16 04/09/2003 19:45:42 25
Authentication-Type : MS-CHAP-V1
Fully-Qualifed-User-Name: domain/users/username
Packet-Type : Access-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:45:26,IAS,server_name,25,311 1 10.0.0.16 04/09/2003 1
9:45:42 25,6,2,19,0x00,4108,10.0.0.1,4116,9,4128,Radius Group Name,4130,domain/users/username,7,1,4
129,DOMAIN\usernam,4120,0x014E4F4D4144494353,4127,3,4149,Allow access if dial-in permission is enabled,4136,2,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:45:26
Service-Name : IAS
Computer-Name : server_name
Class : 311 1 10.0.0.16 04/09/2003 19:45:42 25
Service-Type : Framed
Callback-Number : 0x00
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Fully-Qualifed-User-Name: domain/users/username
Framed-Protocol : PPP
SAM-Account-Name : DOMAIN\usernam
MS-CHAP-Domain : 0x014E4F4D4144494353
Authentication-Type : MS-CHAP-V1
NP-Policy-Name : Allow access if dial-in permission is enabled
Packet-Type : Access-Accept
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:45:26,IAS,server_name,40,1,5,0,14,205.162.232.226,16,
1723,44,0x00000024,26,Source-IP=64.217.8.122,26,Source-Port=0,26,Destination-IP=205.162.232.226,26,Destination-Port=0,41
08,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:45:26
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Start
NAS-Port : 0
Login-IP-Host : 205.162.232.226
Login-TCP-Port : 1723
Acct-Session-Id : 0x00000024
Vendor-Specific : Source-IP=64.217.8.122
Vendor-Specific : Source-Port=0
Vendor-Specific : Destination-IP=205.162.232.226
Vendor-Specific : Destination-Port=0
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:46:05,IAS,server_name,40,1,5,0,14,10.0.0.15,16,21,44,
0x00097aaa,26,Source-IP=10.0.10.1,26,Source-Port=1036,26,Destination-IP=GOLD,26,Destination-Port=21,4108,10.0.0.1,4116,9
,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:46:05
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Start
NAS-Port : 0
Login-IP-Host : 10.0.0.15
Login-TCP-Port : 21
Acct-Session-Id : 0x00097aaa
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1036
Vendor-Specific : Destination-IP=GOLD
Vendor-Specific : Destination-Port=21
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:46:06,IAS,server_name,40,1,5,0,14,10.0.0.15,16,20,44,
0x00097aac,26,Source-IP=10.0.10.1,26,Source-Port=1037,26,Destination-IP=GOLD,26,Destination-Port=20,4108,10.0.0.1,4116,9
,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:46:06
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Start
NAS-Port : 0
Login-IP-Host : 10.0.0.15
Login-TCP-Port : 20
Acct-Session-Id : 0x00097aac
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1037
Vendor-Specific : Destination-IP=GOLD
Vendor-Specific : Destination-Port=20
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:46:06,IAS,server_name,40,2,5,0,14,10.0.0.15,16,20,44,
0x00097aac,46,0,42,0,43,453,26,Source-IP=10.0.10.1,26,Source-Port=1037,26,Destination-IP=GOLD,26,Destination-Port=20,410
8,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:46:06
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Stop
NAS-Port : 0
Login-IP-Host : 10.0.0.15
Login-TCP-Port : 20
Acct-Session-Id : 0x00097aac
Acct-Session-Time : 0
Acct-Input-Octets : 0
Acct-Output-Octets : 453
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1037
Vendor-Specific : Destination-IP=GOLD
Vendor-Specific : Destination-Port=20
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:27,IAS,server_name,40,1,5,0,14,10.0.0.2,16,21,44,0
x00097b34,26,Source-IP=10.0.10.1,26,Source-Port=1038,26,Destination-IP=another_server_name,26,Destination-Port=21,4108,10.0.0.1,4116,
9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:47:27
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Start
NAS-Port : 0
Login-IP-Host : 10.0.0.2
Login-TCP-Port : 21
Acct-Session-Id : 0x00097b34
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1038
Vendor-Specific : Destination-IP=another_server_name
Vendor-Specific : Destination-Port=21
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:27,IAS,server_name,40,2,5,0,14,10.0.0.15,16,21,44,
0x00097aaa,46,82,42,138,43,546,26,Source-IP=10.0.10.1,26,Source-Port=1036,26,Destination-IP=GOLD,26,Destination-Port=21,
4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:47:27
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Stop
NAS-Port : 0
Login-IP-Host : 10.0.0.15
Login-TCP-Port : 21
Acct-Session-Id : 0x00097aaa
Acct-Session-Time : 82
Acct-Input-Octets : 138
Acct-Output-Octets : 546
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1036
Vendor-Specific : Destination-IP=GOLD
Vendor-Specific : Destination-Port=21
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:31,IAS,server_name,40,1,5,0,14,10.0.0.2,16,20,44,0
x00097b3a,26,Source-IP=10.0.10.1,26,Source-Port=1039,26,Destination-IP=another_server_name,26,Destination-Port=20,4108,10.0.0.1,4116,
9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:47:31
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Start
NAS-Port : 0
Login-IP-Host : 10.0.0.2
Login-TCP-Port : 20
Acct-Session-Id : 0x00097b3a
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1039
Vendor-Specific : Destination-IP=another_server_name
Vendor-Specific : Destination-Port=20
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:32,IAS,server_name,40,2,5,0,14,10.0.0.2,16,20,44,0
x00097b3a,46,1,42,0,43,12934,26,Source-IP=10.0.10.1,26,Source-Port=1039,26,Destination-IP=another_server_name,26,Destination-Port=20,
4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:47:32
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Stop
NAS-Port : 0
Login-IP-Host : 10.0.0.2
Login-TCP-Port : 20
Acct-Session-Id : 0x00097b3a
Acct-Session-Time : 1
Acct-Input-Octets : 0
Acct-Output-Octets : 12934
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1039
Vendor-Specific : Destination-IP=another_server_name
Vendor-Specific : Destination-Port=20
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.


The line logged into the file: 10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:38,IAS,server_name,40,2,5,0,14,10.0.0.2,16,21,44,0
x00097b34,46,10,42,89,43,339,26,Source-IP=10.0.10.1,26,Source-Port=1038,26,Destination-IP=another_server_name,26,Destination-Port=21,
4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0

NAS-IP-Address : 10.0.0.1
User-Name : DOMAIN\usernam
Record-Date : 04/17/2003
Record-Time : 13:47:38
Service-Name : IAS
Computer-Name : server_name
Acct-Status-Type : Stop
NAS-Port : 0
Login-IP-Host : 10.0.0.2
Login-TCP-Port : 21
Acct-Session-Id : 0x00097b34
Acct-Session-Time : 10
Acct-Input-Octets : 89
Acct-Output-Octets : 339
Vendor-Specific : Source-IP=10.0.10.1
Vendor-Specific : Source-Port=1038
Vendor-Specific : Destination-IP=another_server_name
Vendor-Specific : Destination-Port=21
Client-IP-Address : 10.0.0.1
Client-Vendor : CISCO
Client-Friendly-Name: Radius Group Name
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.

C:\>
 
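The raw "line logged into the file" records above are IAS's comma-separated log format: six fixed fields (NAS IP, user, date, time, service, computer) followed by attribute-id/value pairs. The script below is an added example, not code from the thread or from Microsoft's iasparse; it decodes those records with the standard RADIUS attribute numbers (RFC 2865/2866) and the IAS 41xx ids visible in the iasparse output, then pairs each Accounting-Request Start with its Stop by Acct-Session-Id to give the single-place start/end view Yizhar asked about. The sample records are constructed from the sanitized lines in the thread plus one deliberately orphaned Stop; the code assumes values contain no commas, and the id-to-name table covers only the attributes that appear on this page.

```python
"""Pair IAS (Windows 2000 RADIUS) accounting Start/Stop records by session.

Added example, not part of the thread. Assumes the IAS comma-separated log
format shown in the thread, with no commas inside attribute values.
"""

# RADIUS attribute id -> name. Numeric ids are the standard RFC 2865/2866
# values; the 41xx ids are IAS-specific, as printed by iasparse above.
ATTR_NAMES = {
    "5": "NAS-Port", "6": "Service-Type", "7": "Framed-Protocol",
    "14": "Login-IP-Host", "16": "Login-TCP-Port", "19": "Callback-Number",
    "25": "Class", "26": "Vendor-Specific", "40": "Acct-Status-Type",
    "42": "Acct-Input-Octets", "43": "Acct-Output-Octets",
    "44": "Acct-Session-Id", "46": "Acct-Session-Time",
    "4108": "Client-IP-Address", "4116": "Client-Vendor",
    "4127": "Authentication-Type", "4128": "Client-Friendly-Name",
    "4129": "SAM-Account-Name", "4130": "Fully-Qualified-User-Name",
    "4136": "Packet-Type", "4142": "Reason-Code", "4149": "NP-Policy-Name",
}
ACCT_STATUS = {"1": "Start", "2": "Stop"}
PACKET_TYPE = {"1": "Access-Request", "2": "Access-Accept", "4": "Accounting-Request"}

# Constructed sample input modelled on the sanitized thread lines: an
# authentication record (no accounting data), one complete Start/Stop pair,
# one Start that is still open, and one Stop whose Start was never logged.
SAMPLE_LOG = [
    r"10.0.0.1,DOMAIN\usernam,04/17/2003,13:45:26,IAS,server_name,7,1,5,34,4108,10.0.0.1,4116,9,"
    r"4128,Radius Group Name,4129,DOMAIN\usernam,25,311 1 10.0.0.16 04/09/2003 19:45:42 25,4127,3,"
    r"4130,domain/users/username,4136,1,4142,0",
    r"10.0.0.1,DOMAIN\usernam,04/17/2003,13:46:05,IAS,server_name,40,1,5,0,14,10.0.0.15,16,21,44,"
    r"0x00097aaa,26,Source-IP=10.0.10.1,26,Source-Port=1036,26,Destination-IP=GOLD,26,"
    r"Destination-Port=21,4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0",
    r"10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:27,IAS,server_name,40,2,5,0,14,10.0.0.15,16,21,44,"
    r"0x00097aaa,46,82,42,138,43,546,26,Source-IP=10.0.10.1,26,Source-Port=1036,26,"
    r"Destination-IP=GOLD,26,Destination-Port=21,4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0",
    r"10.0.0.1,DOMAIN\usernam,04/17/2003,13:47:27,IAS,server_name,40,1,5,0,14,10.0.0.2,16,21,44,"
    r"0x00097b34,26,Source-IP=10.0.10.1,26,Source-Port=1038,26,Destination-IP=another_server_name,26,"
    r"Destination-Port=21,4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0",
    # Constructed orphan: session id 0x00000099 never had a Start logged.
    r"10.0.0.1,DOMAIN\usernam,04/17/2003,13:48:00,IAS,server_name,40,2,5,0,44,0x00000099,46,5,42,10,"
    r"43,20,4108,10.0.0.1,4116,9,4128,Radius Group Name,4136,4,4142,0",
]


def parse_line(line):
    """Decode one IAS record into a dict. Vendor-Specific repeats, so it is a list."""
    fields = line.rstrip("\r\n").split(",")
    if len(fields) < 6 or len(fields[6:]) % 2:
        raise ValueError("malformed IAS record: %r" % line)
    rec = dict(zip(("NAS-IP-Address", "User-Name", "Record-Date", "Record-Time",
                    "Service-Name", "Computer-Name"), fields[:6]))
    rec["Vendor-Specific"] = []
    for attr_id, value in zip(fields[6::2], fields[7::2]):
        name = ATTR_NAMES.get(attr_id, "Attr-" + attr_id)
        if name == "Vendor-Specific":
            rec[name].append(value)
        else:
            rec[name] = value
    # Translate the two enumerations we branch on; unknown codes are kept verbatim.
    rec["Packet-Type"] = PACKET_TYPE.get(rec.get("Packet-Type"), rec.get("Packet-Type"))
    rec["Acct-Status-Type"] = ACCT_STATUS.get(rec.get("Acct-Status-Type"), rec.get("Acct-Status-Type"))
    return rec


def build_sessions(lines):
    """Pair Accounting-Request Start/Stop records by Acct-Session-Id.

    Returns (sessions, orphan_stops). A session whose stop is None is still
    open (or its Stop was lost); a Stop with no Start lands in orphan_stops.
    """
    sessions, orphan_stops = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec["Packet-Type"] != "Accounting-Request":
            continue  # Access-Request/Access-Accept rows carry no session accounting
        sid = rec["Acct-Session-Id"]
        if rec["Acct-Status-Type"] == "Start":
            sessions[sid] = {
                "user": rec["User-Name"], "nas": rec["NAS-IP-Address"],
                "start": rec["Record-Time"], "stop": None,
                "host": rec.get("Login-IP-Host"), "port": rec.get("Login-TCP-Port"),
                "seconds": None, "in_octets": None, "out_octets": None,
                "vsa": rec["Vendor-Specific"],
            }
        elif rec["Acct-Status-Type"] == "Stop":
            s = sessions.get(sid)
            if s is None:
                orphan_stops.append(sid)
                continue
            s["stop"] = rec["Record-Time"]
            s["seconds"] = int(rec.get("Acct-Session-Time", 0))
            s["in_octets"] = int(rec.get("Acct-Input-Octets", 0))
            s["out_octets"] = int(rec.get("Acct-Output-Octets", 0))
    return sessions, orphan_stops


def session_lines(sessions):
    """One summary line per session, in Start order."""
    out = []
    for sid, s in sessions.items():
        if s["stop"]:
            state = "%s..%s %ss in=%d out=%d" % (s["start"], s["stop"], s["seconds"],
                                                  s["in_octets"], s["out_octets"])
        else:
            state = "%s.. (open)" % s["start"]
        out.append("%s %s %s -> %s:%s %s" % (sid, s["user"], s["nas"], s["host"], s["port"], state))
    return out


if __name__ == "__main__":
    sessions, orphans = build_sessions(SAMPLE_LOG)
    for text in session_lines(sessions):
        print(text)
    if orphans:
        print("Stop without Start:", ", ".join(orphans))
```

Orphaned Stops are reported rather than dropped because they are exactly what you see right after turning accounting on (sessions that began before the NAS started sending Start records), and a Stop that never arrives leaves a session marked open, which is the case to watch when an Acct-Session-Id is reused.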
If I get some slack time later in the week, I'll go ahead and cook up a VBScript that parses the logs into a more usable format.
 
Too bad this doesn't work with IPSEC sessions. I've got these security-optimized sessions, and Cisco decides to omit the "client accounting" option for the vpngroup command. For those of us in this situation, the only way to get semi-accurate Start and Stop info for VPN sessions is to configure the overly-granular Xauth accounting. At least that's the only solution I've come up with.
 