Send Accounting Records to the RADIUS Server
Accounting records in remote access VPN help the VPN administrator track the services that users access and the amount of network resources they consume. Accounting information includes when users sessions start and stop, usernames, the number of bytes that pass through the device for each session, the service used, and the duration of each session. This data can then be analyzed for network management, client billing, or auditing.
You can use accounting alone or together with authentication and authorization. When you activate AAA accounting, the network access server reports user activity to the configured accounting server. You can configure a RADIUS server as the accounting server so that all the user activity information is sent from Cisco Defense Orchestrator to the RADIUS server.Note | You can use the same RADIUS server or separate RADIUS servers for authentication, authorization, and accounting in remote access VPN AAA settings. |
Before you begin
Configure a RADIUS group object with RADIUS servers to which authentication requests or accounting records will be sent. See RADIUS Server Group Options.
Ensure that the RADIUS servers are reachable from the Firepower Threat Defense device. Configure routing on your Cisco Defense Orchestrator at Devices > Device Management > Edit Device > Routing to ensure connectivity to the RADIUS server.
Procedure
| Step 1 | On your Cisco Defense Orchestrator web interface, choose Devices > VPN > Remote Access. |
| Step 2 | Select a remote access policy and click Edit, or create a new remote access VPN policy. |
| Step 3 | Select the connection profile that includes AAA settings and click Edit > AAA. |
| Step 4 | Select a RADIUS server as the Accounting Server. |
| Step 5 | Click Save. |