[c-nsp] VPN Accounting
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Dec 16 09:11:50 EST 2005
Hi Ahmad,
> I have a question to VPN accounting. I have configured a
> 2620XM for remote-site-to-site tunnel and for site-to-site tunnel.
> I want to account both kind of tunnel, but until now I got no
> records for my site-to-site tunnels.
> The same config I have on a 7140-2E3 and this works properly.
> They have the same IOS 12.3(12d).
>
> When I start debugging "debug crypto isakmp aaa", I got
> following output:
>
> mignon03#
> Dec 15 11:45:11.089 MET: ISAKMP AAA: Crypto Map in use with AAA list
> userlist for peer 212.185.113.4
> Dec 15 11:45:11.089 MET: ISAKMP AAA: No peer record for address
> 212.185.113.4, port 500. Create Accounting Record
> Dec 15 11:45:11.089 MET: ISAKMP AAA: Accounting Enabled but Not
> Required(INITIATOR)
> Dec 15 11:45:41.098 MET: %RADIUS-6-IDENTSAVE: Saving config with new
> acct ident in nvram.
as far as I know, IPSec VPN accouting is not done on the initiator of
the session. It was meant for remote-access to IPSec at the Gateway
only.
oli
More information about the cisco-nsp
mailing list