It is not for ASA....

Snippet from
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1504796
RADIUS Accounting Inspection

One of the well known problems is the over-billing attack in GPRS networks.
The over-billing attack can cause consumers anger and frustration by being
billed for services that they have not used. In this case, a malicious
attacker sets up a connection to a server and obtains an IP address from the
SGSN. When the attacker ends the call, the malicious server will still send
packets to it, which gets dropped by the GGSN, but the connection from the
server remains active. The IP address assigned to the malicious attacker
gets released and reassigned to a legitimate user who will then get billed
for services that the attacker will use.

RADIUS accounting inspection prevents this type of attack by ensuring the
traffic seen by the GGSN is legitimate. With the RADIUS accounting feature
properly configured, the security appliance tears down a connection based on
matching the Framed IP attribute in the Radius Accounting Request Start
message with the Radius Accounting Request Stop message. When the Stop
message is seen with the matching IP address in the Framed IP attribute, the
security appliance looks for all connections with the source matching the IP
address.

You have the option to configure a secret pre-shared key with the RADIUS
server so the security appliance can validate the message. If the shared
secret is not configured, the security appliance does not need to validate
the source of the message and will only check that the source IP address is
one of the configured addresses allowed to send the RADIUS messages.


With regards

Kings


On Wed, Feb 9, 2011 at 6:25 AM, Mark Senteza <[email protected]> wrote:

> Hey all.
>
> A clarification question for you concerning RADIUS inspection on the ASA.
> The policy-map is configured as below:
>
> policy-map type inspect radius-accounting RADIUS-POLICY
>  parameters
>   host 172.16.25.50 key CISCO
>
> Is the "host" statement above a reference to the RADIUS server host or the
> ASA as a RADIUS client?
>
> When I run help after "host" this is the description I get for what
> should follow
>
> ASA1(config)# policy-map type inspect radius-accounting RADIUS-POLICY
> ASA1(config-pmap)#  parameters
> ASA1(config-pmap-p)# host ?
>
> mpf-policy-map-param mode commands/options:
>   Hostname or A.B.C.D  IP address of host sending Radius accounting messages
>
> It's not clear to me which host that should be, since the ASA can send
> RADIUS accounting messages.
>
> And if it is the ASA, what IP address should one use? Any, or the IP
> address of the interface facing the RADIUS server?
>
> Thanks,
>
> Mark
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
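
The behaviour in the Cisco snippet above, modelled in Python as an added example; it is not Cisco's implementation and not code from this thread. The names `inspect`, `hosts` and `sessions` are hypothetical: `hosts` maps each address allowed to send accounting messages (the `host` parameter) to its optional key, and the Request Authenticator check follows RFC 2866.

```python
import hashlib, hmac, socket, struct

ACCOUNTING_REQUEST, ACCT_STATUS_TYPE, FRAMED_IP_ADDRESS = 4, 40, 8
START, STOP = 1, 2  # Acct-Status-Type values

def build_request(ident, status, framed_ip, secret):
    """Build a constructed Accounting-Request (RFC 2866) as sample input."""
    attrs = struct.pack("!BBI", ACCT_STATUS_TYPE, 6, status)
    attrs += struct.pack("!BB4s", FRAMED_IP_ADDRESS, 6, socket.inet_aton(framed_ip))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def parse_request(packet, secret=None):
    """Return (Acct-Status-Type, Framed-IP-Address); raise ValueError if invalid."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if packet[:1] != bytes([ACCOUNTING_REQUEST]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    header, auth, attrs = packet[:4], packet[4:20], packet[20:length]
    if secret is not None:  # key configured: validate the message
        expected = hashlib.md5(header + bytes(16) + attrs + secret).digest()
        if not hmac.compare_digest(expected, auth):
            raise ValueError("bad Request Authenticator")
    status, framed_ip, i = None, None, 0
    while i < len(attrs):
        alen = attrs[i + 1] if i + 1 < len(attrs) else 0
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == ACCT_STATUS_TYPE and alen == 6:
            status = struct.unpack("!I", attrs[i + 2:i + 6])[0]
        elif attrs[i] == FRAMED_IP_ADDRESS and alen == 6:
            framed_ip = socket.inet_ntoa(attrs[i + 2:i + 6])
        i += alen
    return status, framed_ip

def inspect(packet, src_ip, hosts, sessions):
    """Return the Framed-IP whose connections should be torn down, else None."""
    if src_ip not in hosts:  # sender is not a configured host: ignore
        return None
    try:
        status, ip = parse_request(packet, hosts[src_ip])  # key may be None
    except ValueError:
        return None
    if status == START and ip:
        sessions.add(ip)
    elif status == STOP and ip in sessions:
        sessions.discard(ip)
        return ip
    return None
```

With no key configured for a host, only the source address is checked, so a Stop message from that address is accepted whatever its authenticator contains.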