this question is about using an ASA with ACS to utilize downloadable per-user ACLs.
I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound ?
Is there a default setting, like: the interface the user is connecting to ?
If so, can it be overridden ?
Thanks in advance,
The acl gets applied to the interface referenced in the following command
aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS
So in the above example the downloadable acl would be applied to the inside interface
aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS
and in this one it would be applied to the outside interface.