
Is F5 BIG-IP able to send audit log accounting to Cisco ISE?

Hi, is F5 BIG-IP able to send audit log accounting to Cisco ISE by using TACACS+? Has anyone been able to integrate AAA for management users between F5 and Cisco ISE using TACACS+?

Thank you

1

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Regarding TACACS, I integrate it only on the F5 side. The article linked below is written for ACS and covers integration of several third-party devices (although not any F5 appliances) into your TACACS server. The process is very similar with ISE Device Administration.

https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html

F5: https://support.f5.com/csp/article/K8811

And if you want to send audit logs, you can do it as follows: you can create log filters, destinations, and publishers right in the GUI...

Let me know if you need more details.

0
Comments on this Answer
Comment made 07-Jun-2018 by ArieYank 60

Hi, TACACS+ Authentication to Cisco ISE has worked. But when I try to configure TACACS+ Accounting in F5, there is nothing in TACACS+ Command Accounting in Cisco ISE. I followed this link to configure TACACS+ Accounting: https://support.f5.com/csp/article/K13762. Any idea?

Thanks

0
Comment made 07-Jun-2018 by youssef 3608

Hi,

Regarding the Cisco side, I don't have information...

This article can help you:

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-device-administration-command-accounting-f5/td-p/3315682

Did you contact Cisco support?

And as I told you above, if you want to send logs to a remote syslog, you can do it...

Regards

0
Comment made 07-Jun-2018 by ArieYank 60

Hi, Yes, I've contacted Cisco Support and he said that the argument sent by the F5 is even larger than 255 characters.

0
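The 255-character limit mentioned in the comment above matches the TACACS+ wire format: in the accounting REQUEST body defined in RFC 8907, the length of each argument is carried in a single octet. The following Python sketch is an added example, not part of the thread and not F5 or Cisco code; the user, port, address and argument values are constructed samples.

```python
import struct

# Field values from RFC 8907 (TACACS+), accounting REQUEST body.
ACCT_FLAG_STOP = 0x04
AUTHEN_METH_TACACSPLUS = 0x06
AUTHEN_TYPE_ASCII = 0x01
AUTHEN_SVC_LOGIN = 0x01
MAX_FIELD = 255  # every length field in the body is a single octet


def oversize_args(args):
    """Return (index, byte_length) for each argument too long to encode."""
    sizes = [(i, len(a.encode())) for i, a in enumerate(args)]
    return [(i, n) for i, n in sizes if n > MAX_FIELD]


def build_acct_request(user, port, rem_addr, args, flags=ACCT_FLAG_STOP, priv_lvl=1):
    """Encode the cleartext body of an accounting REQUEST."""
    fixed = [s.encode() for s in (user, port, rem_addr)]
    if any(len(f) > MAX_FIELD for f in fixed) or len(args) > MAX_FIELD:
        raise ValueError("user, port, rem_addr and arg_cnt are limited to 255")
    if oversize_args(args):
        raise ValueError(f"arguments over 255 bytes: {oversize_args(args)}")
    enc = [a.encode() for a in args]
    head = struct.pack("!9B", flags, AUTHEN_METH_TACACSPLUS, priv_lvl,
                       AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN,
                       len(fixed[0]), len(fixed[1]), len(fixed[2]), len(enc))
    return head + bytes(len(a) for a in enc) + b"".join(fixed + enc)


def parse_acct_request(body):
    """Decode a cleartext accounting REQUEST body, checking its length fields."""
    flags, _, priv, _, _, ulen, plen, rlen, argc = struct.unpack("!9B", body[:9])
    pos, out = 9 + argc, []
    for n in (ulen, plen, rlen, *body[9:9 + argc]):
        out.append(body[pos:pos + n].decode())
        pos += n
    if pos != len(body):
        raise ValueError("length fields do not match body size")
    return {"flags": flags, "priv_lvl": priv, "user": out[0], "port": out[1],
            "rem_addr": out[2], "args": out[3:]}


# Constructed sample values, not a capture of what BIG-IP sends.
SHORT_ARGS = ["task_id=1", "service=shell", "cmd=show version"]
LONG_ARGS = ["task_id=2", "cmd=" + "x" * 300]

if __name__ == "__main__":
    print(parse_acct_request(build_acct_request("admin", "tty0", "192.0.2.10", SHORT_ARGS)))
    print(oversize_args(LONG_ARGS))
```

Running `oversize_args` over the attribute-value pairs a device is expected to log shows which ones cannot fit in one accounting argument.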
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

We are experiencing the same issue as Arie described above. Although TACACS+ works fine with F5 and we are able to assign specific roles to users based on attributes, the accounting part doesn't work at all. Any help on this would be appreciated.

0
Comments on this Answer
Comment made 10-Jun-2018 by ArieYank 60

Hi, So, what do you do for the accounting part? Do you have any workaround?

0
Comment made 4 months ago by Alexander Polyakov S 122

Hi,

ArieYank, did you contact technical support? Which version of BIG-IP have you tried?

0
Comment made 4 months ago by ArieYank 60

Hi, I didn't contact the technical support. I assume the log format generated from F5 may not be standard with TACACS, so I ignore it. Most of the F5s are version 11.

0