downloadable ACL

Unanswered Question
Jun 5th, 2008

I'm trying to configure a downloadable ACL in ACS for my remote access VPN user.

My concentrator is able to authenticate the user via ACS, but after getting the IP and authentication, the client is not able to reach anywhere.

I have attached the downloadable ACL configuration that I did on ACS.

I want the remote VPN user to only be able to access the 172.28.31.171 and 170 servers, nothing else.

But the client is only able to connect; it can't connect with any of the servers.

Jagdeep Gambhir Thu, 06/05/2008 - 08:34

Wasim,

I would suggest you push the downloadable ACLs via another method. For this you need to configure the attribute 009\001]cisco-av-pair on the ACS server.

The following link talks about how to configure this attribute on the ACS server to push the required ACLs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Regards,

~JG

Do rate helpful posts

wasiimcisco Thu, 06/05/2008 - 15:02

Thanks for the reply, but now it is working for me via downloadable access-list.

The same configuration that I attached is now working fine for me.

wasiimcisco Mon, 06/09/2008 - 05:37

I am able to configure the downloadable ACL for the remote access VPN user.

permit ip any host 172.28.65.24

permit ip any host 172.28.65.25

deny ip any any

But when I try to restrict a whole network like this:

permit ip any 172.28.65.0 255.255.255.0

permit ip any 172.28.70.0 255.255.255.0

deny ip any any

I am not able to get the results; the user is not even able to connect.

I have tried to do the configuration mentioned in the link, but this is for firewall and IOS, not for the concentrator.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Please tell me how to allow the user to access a particular subnet.

wasiimcisco Mon, 06/09/2008 - 05:50

Problem solved. Actually I was using a subnet mask in the access-list, but in fact it required a wildcard mask. Now it is working fine.

wasiimcisco Mon, 06/09/2008 - 06:04

Problem solved. I was using a subnet mask, but it required a wildcard mask.
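An added example, not code from this thread or from Cisco: a small Python checker that parses downloadable ACL entries in the form posted above and flags any entry whose mask is a contiguous subnet mask (ones then zeros) rather than the wildcard mask the concentrator expects, rewriting it with the inverted mask. The sample ACL text is constructed from the entries in this thread and the function names are my own; 0.0.0.0 and 255.255.255.255 are left untouched because they are valid either way.

```python
import ipaddress

# Constructed sample: the thread's host entries plus the two subnet entries that
# were written with a subnet mask instead of a wildcard mask.
SAMPLE_ACL = """\
permit ip any host 172.28.65.24
permit ip any host 172.28.65.25
permit ip any 172.28.65.0 255.255.255.0
permit ip any 172.28.70.0 255.255.255.0
deny ip any any
"""

def is_netmask(mask: str) -> bool:
    """True if mask is a contiguous subnet mask such as 255.255.255.0.
    All-zero and all-one masks are ambiguous and are not flagged."""
    bits = int(ipaddress.IPv4Address(mask))
    if bits in (0, 0xFFFFFFFF):
        return False
    inverted = bits ^ 0xFFFFFFFF
    # A netmask inverts to a value of the form 0...01...1, i.e. 2^n - 1.
    return (inverted & (inverted + 1)) == 0

def to_wildcard(mask: str) -> str:
    """Invert a subnet mask into the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))

def fix_dacl(text: str):
    """Return (fixed_lines, findings). Each finding is (line_no, old_mask, new_mask)."""
    fixed, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 4 or tokens[1] != "ip":
            fixed.append(raw)          # not an 'ip' entry; pass through unchanged
            continue
        out, i = tokens[:2], 2
        while i < len(tokens):        # source spec, then destination spec
            if tokens[i] == "any":
                out.append("any"); i += 1
            elif tokens[i] == "host":
                out += tokens[i:i + 2]; i += 2
            else:
                addr, mask = tokens[i], tokens[i + 1]
                if is_netmask(mask):
                    findings.append((n, mask, to_wildcard(mask)))
                    mask = to_wildcard(mask)
                out += [addr, mask]; i += 2
        fixed.append(" ".join(out))
    return fixed, findings

if __name__ == "__main__":
    lines, found = fix_dacl(SAMPLE_ACL)
    for n, old, new in found:
        print(f"line {n}: subnet mask {old} rewritten as wildcard {new}")
    print("\n".join(lines))
```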

ariantow123 Thu, 01/29/2009 - 20:05

Hi,

Can you help me?

I have the same issue, but downloadable ACL doesn't work.

My current devices: Router 2691 (c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.

Thanks for your help.

*aw
