Cisco ACS Reporting per AD Group possible?
Posted on 2011-10-17
We are making use of a Cisco Secure ACS running Software Version : 220.127.116.11. (with a Cisco ASA 5510 Firewall sitting behind it doing the ACLs and NAT'ing etc.)
The ACS is used for authentication when our employees connect from the Internet to our VPN using the Cisco VPN Client. The ACS is set up to connect to our Active Directory Domain Controller, so when a user connects to the VPN he/she uses their Active Directory username and password to authenticate, and the ACS validates the credentials in AD via LDAP to the Domain Controller.
We have several different divisions in different geographical locations.
We would like to do reporting on VPN Connection History but it needs to be done per division so that we can send the report to the divisional LAN Administrator to check and ensure that the users connecting are all still valid VPN users and that nothing out of the ordinary is taking place with VPN Connections specific to his/her division.
My question is:
Can we somehow utilize groups that we have in Active Directory and do reports per AD group on VPN login history?
Example: All my VPN users for Division A are in the "Division A VPN Users" group in Active Directory. Can a custom report on the ACS be set up to report RADIUS authentication for the last 7 days for any Active Directory accounts belonging to the "Division A VPN Users" group?
Thanks for any guidance on this one.