Downloadable ACL Feature

Answered Question
Jan 9th, 2008

Hi all,

This question is about using an ASA with ACS to utilize downloadable per-user ACLs.

I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound?

Is there a default setting, like: the interface the user is connecting to?

If so, can it be overridden?

Thanks in advance,

Oliver

Correct Answer
Jon Marshall Wed, 01/09/2008 - 03:47

Oliver

The ACL gets applied to the interface referenced in the following command:

aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

So in the above example the downloadable ACL would be applied to the inside interface.

aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

And in this one it would be applied to the outside interface.

Jon
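
Added example, not part of the original thread and not Cisco tooling: a small Python audit helper that reads `aaa authentication include|exclude` lines from a saved config and reports, per the answer above, which interface each rule names and therefore where a user's downloadable ACL would be applied. The command layout in the docstring, the sample config, and the function names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample. The two "include" lines are the ones quoted in the answer,
# the first still carrying its "->" "<-" emphasis markers; the rest is made up.
SAMPLE_CONFIG = """\
hostname asa-example
aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication include telnet outside 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication exclude telnet inside 192.168.3.10 255.255.255.255 0 0 RADIUS
aaa authentication telnet console LOCAL
"""

def _net(addr, mask):
    """Build a network from an address/mask pair; a bare 0 is shorthand for 0.0.0.0."""
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_rules(config_text):
    """Parse include/exclude rules. Assumed layout:
    aaa authentication {include|exclude} service if_name local_ip local_mask
        [foreign_ip foreign_mask] server_tag"""
    rules = []
    for line in config_text.splitlines():
        # Drop the emphasis arrows so lines pasted from the thread still parse.
        tok = [t for t in line.split() if t not in ("->", "<-")]
        if len(tok) < 8 or tok[:2] != ["aaa", "authentication"]:
            continue
        if tok[2] not in ("include", "exclude"):
            continue  # other forms of the command are out of scope here
        has_foreign = len(tok) >= 10
        rules.append({
            "action": tok[2], "service": tok[3], "interface": tok[4],
            "local": _net(tok[5], tok[6]),
            "foreign": _net(tok[7], tok[8]) if has_foreign else _net("0", "0"),
            "server": tok[-1],
        })
    return rules

def dacl_interfaces(config_text):
    """Map each interface named in an include rule to the (service, local net,
    server group) tuples whose users' downloadable ACLs would be applied there."""
    by_if = defaultdict(list)
    for r in parse_rules(config_text):
        if r["action"] == "include":
            by_if[r["interface"]].append((r["service"], str(r["local"]), r["server"]))
    return dict(by_if)

if __name__ == "__main__":
    for ifname, entries in dacl_interfaces(SAMPLE_CONFIG).items():
        print(ifname, entries)
```
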

keller.oliver Wed, 01/09/2008 - 04:14

Jon,

Thanks for your fast and accurate reply; it was exactly what I wanted to know.

atb,

Oliver
