Downloadable ACL Feature

keller.oliver
Level 1

Hi all,

this question is about using an ASA with ACS to utilize downloadable per-user ACLs.

I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound?

Is there a default setting, like: the interface the user is connecting to?

If so, can it be overridden?

Thanks in advance,

Oliver

Accepted Solutions

Jon Marshall
Hall of Fame

Oliver

The ACL gets applied to the interface referenced in the following command:

aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

So in the above example the downloadable ACL would be applied to the inside interface.

aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

and in this one it would be applied to the outside interface.

Jon
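
The interface binding described in the answer above can be read out of a saved configuration. This is an added example, not part of the original thread or any Cisco tooling: a Python script that groups `aaa authentication include`/`exclude` rules by the interface they name. The sample config is constructed, and the function names, the `exclude` line and the handling of `0` as shorthand for `0.0.0.0` are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample config. The two "include telnet" lines are the commands
# from the answer with the "->" / "<-" emphasis markers removed.
SAMPLE_CONFIG = """\
hostname asa-lab
aaa authentication include telnet inside 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication include telnet outside 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication exclude http inside 192.168.3.10 255.255.255.255 0 0 RADIUS
aaa authentication ssh console LOCAL
"""

def _net(ip, mask):
    # Assumption: "0" is shorthand for 0.0.0.0 in address and mask fields.
    ip, mask = ("0.0.0.0" if v == "0" else v for v in (ip, mask))
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def cut_through_rules(config_text):
    """Group 'aaa authentication include|exclude' rules by the interface they name."""
    by_if = defaultdict(list)
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[:2] != ["aaa", "authentication"]:
            continue
        if tok[2] not in ("include", "exclude"):
            continue  # e.g. "aaa authentication ssh console ..." is management auth
        # The foreign address/mask pair is optional; the server tag is always last.
        foreign = _net(tok[7], tok[8]) if len(tok) >= 10 else _net("0", "0")
        by_if[tok[4]].append({
            "action": tok[2], "service": tok[3],
            "local": _net(tok[5], tok[6]), "foreign": foreign, "server": tok[-1],
        })
    return dict(by_if)

def dacl_interfaces(config_text):
    """Interfaces with at least one 'include' rule, i.e. where (per the answer)
    a per-user downloadable ACL would be applied after authentication."""
    rules = cut_through_rules(config_text)
    return sorted(i for i, rs in rules.items() if any(r["action"] == "include" for r in rs))

if __name__ == "__main__":
    for if_name, rules in cut_through_rules(SAMPLE_CONFIG).items():
        for r in rules:
            print(f"{if_name}: {r['action']} {r['service']} "
                  f"{r['local']} -> {r['foreign']} via {r['server']}")
    print("dACL would be applied on:", dacl_interfaces(SAMPLE_CONFIG))
```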

Jon,

thanks for your fast and accurate reply, it was exactly what I wanted to know.

atb,

Oliver
