Configuring AAA Accounting on Cisco ASA Firewall
Following our previous post about AAA Authentication for management access to a Cisco ASA Firewall, in this post we will describe how to keep track of the authentication requests of admin users to the firewall. This is helpful for keeping a record of the time and date that an administrator connected to the firewall. This functionality is achieved by configuring “Accounting” on the ASA Firewall, which enables the appliance to generate an accounting record that marks the establishment and termination of management access via Telnet, Serial Console, and SSH.
Assume that we have already installed a AAA server and configured the details on the firewall (see previous post). The name of the AAA server that we have given is NY_AAA.
AAA Accounting Configuration:
ASA(config)# aaa accounting serial console NY_AAA
ASA(config)# aaa accounting telnet console NY_AAA
ASA(config)# aaa accounting ssh console NY_AAA
The configuration above will keep a record in the AAA server database for the start-time and end-time of administrator access to the firewall.
Now, if we also need to keep track of all the commands entered by the administrator while connected to the firewall, we can use the “accounting command” as shown below:
ASA(config)# aaa accounting command NY_AAA
The above works only with the TACACS+ protocol.
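The following Python script is an added example, not part of the original post or any Cisco tooling: it audits a saved running-config for the accounting lines shown above and flags command accounting that points at a server group which is not TACACS+. The sample configs are constructed, the function name audit_accounting is hypothetical, and the server group is assumed to be declared with an `aaa-server <name> protocol <protocol>` line.

```python
import re

# Constructed sample configs (not taken from a real device).
GOOD = """\
aaa-server NY_AAA protocol tacacs+
aaa accounting serial console NY_AAA
aaa accounting telnet console NY_AAA
aaa accounting ssh console NY_AAA
aaa accounting command NY_AAA
"""
BAD = """\
aaa-server NY_AAA protocol radius
aaa accounting ssh console NY_AAA
aaa accounting command NY_AAA
"""

def audit_accounting(config):
    """Return a list of findings; an empty list means full coverage."""
    protocols = {}     # server group -> protocol
    sessions = {}      # access method -> server group
    command_group = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"aaa-server (\S+) protocol (\S+)", line):
            protocols[m[1]] = m[2].lower()
        elif m := re.fullmatch(r"aaa accounting (serial|telnet|ssh) console (\S+)", line):
            sessions[m[1]] = m[2]
        elif m := re.fullmatch(r"aaa accounting command (?:privilege \d+ )?(\S+)", line):
            command_group = m[1]
    # The three management access methods configured in this post.
    findings = [f"no session accounting for {method}"
                for method in ("serial", "telnet", "ssh") if method not in sessions]
    used = set(sessions.values()) | ({command_group} if command_group else set())
    findings += [f"server group {g} is not defined" for g in sorted(used - set(protocols))]
    if command_group is None:
        findings.append("no command accounting")
    elif protocols.get(command_group, "tacacs+") != "tacacs+":
        # Command accounting only works with TACACS+ (see above).
        findings.append(f"command accounting on {command_group} needs TACACS+, "
                        f"found {protocols[command_group]}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_accounting(cfg) or "accounting fully configured")
```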