Downloadable ACL for VPN users

Answered Question
Jun 28th, 2007

Hi,

I replaced an old PIX with an ASA (7.2). There were groups configured for remote VPN users authenticated through the ACS, and the ACS downloads a specific ACL for each group to the PIX. After the replacement, users cannot establish the VPN connection. After troubleshooting, I discovered that the downloadable ACLs were not working properly. When I disabled this option, the tunnel established. When I go back to the old PIX with the same configuration, it works fine with the downloadable ACL option. I opened a TAC case and he said that ACS v3.0 (which I have) is not compatible with the ASA. He didn't really convince me, and he asked me to try the AV pair option. I tried the AV pair option with the ASA and it was not working either. Can you please advise?

Correct Answer by Premdeep Banga about 9 years 11 months ago

Hi,


Check this out,


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCef21184


Also, 3.0 is very old, and I suppose in that version we had "Downloadable PIX ACLs" and not "Downloadable IP ACLs". On the ASA, downloadable ACLs will work, but with "Downloadable IP ACLs" and not with "Downloadable PIX ACLs".


Regards,

Prem

Overall Rating: 5 (2 ratings)
Premdeep Banga Thu, 06/28/2007 - 16:13