downloadable ACL

Unanswered Question
Jun 5th, 2008

I'm trying to configure a downloadable ACL in ACS for my remote access VPN users.


My concentrator is able to authenticate the user via ACS, but after getting the IP and authentication the client is not able to reach anything.


I have attached the downloadable ACL configuration that I did on ACS.


I want the remote VPN user to be able to access only the 172.28.31.171 and 170 servers, nothing else.


But the client is only able to connect; it can't connect to any of the servers.


Jagdeep Gambhir Thu, 06/05/2008 - 08:34

Wasim,

I would suggest you push the downloadable ACLs via another method. For this you need to configure the attribute 009\001]cisco-av-pair on the ACS server.


The following link talks about how to configure this attribute on the ACS server to push the required ACLs.



http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410



Regards,

~JG


Do rate helpful posts

wasiimcisco Thu, 06/05/2008 - 15:02

Thanks for the reply, but now it is working for me via the downloadable access-list.


The same configuration that I attached is now working fine for me.

wasiimcisco Mon, 06/09/2008 - 05:37

I am able to configure the downloadable ACL for remote access VPN users:


permit ip any host 172.28.65.24

permit ip any host 172.28.65.25

deny ip any any


But when I try to restrict a whole network like this:


permit ip any 172.28.65.0 255.255.255.0

permit ip any 172.28.70.0 255.255.255.0

deny ip any any


I am not able to get the results; the user is not even able to connect.


I have tried to do the configuration mentioned in the link, but this is for firewall and IOS, not for the concentrator.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410




Please tell me how to allow the user to access a particular subnet.

wasiimcisco Mon, 06/09/2008 - 05:50

Problem solved. Actually I was using a subnet mask in the access-list, but in fact it required a wildcard mask. Now it is working fine.

wasiimcisco Mon, 06/09/2008 - 06:04

Problem solved; I was using a subnet mask, but it required a wildcard mask.
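
As an added illustration (not code from this thread or from Cisco), here is a small Python checker for the mask mix-up described above: it parses the ACEs posted in this thread, flags a subnet mask written where the downloadable-ACL syntax expects a wildcard mask, rewrites it, and evaluates which destinations the corrected list permits. It only understands the `permit|deny ip any ...` forms used in the thread; the sample ACL is the second list from the post above.

```python
import ipaddress
import re

# Constructed sample: the second ACL from the thread, written with subnet
# masks where the downloadable-ACL syntax expects wildcard masks.
SAMPLE_ACL = """\
permit ip any 172.28.65.0 255.255.255.0
permit ip any 172.28.70.0 255.255.255.0
deny ip any any
"""

# Only the ACE shapes used in this thread: host, any, or network + mask.
ACE_RE = re.compile(
    r"^(permit|deny)\s+ip\s+any\s+(?:host\s+(\S+)|(any)|(\S+)\s+(\S+))$")

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def is_subnet_mask(mask):
    """True for a contiguous run of 1s from the top, e.g. 255.255.255.0.
    A wildcard mask (0.0.0.255) or 'match any' (0.0.0.0) returns False."""
    inv = ~_u32(mask) & 0xFFFFFFFF
    return _u32(mask) != 0 and inv & (inv + 1) == 0

def subnet_to_wildcard(mask):
    """255.255.255.0 -> 0.0.0.255 (bitwise inverse)."""
    return str(ipaddress.IPv4Address(~_u32(mask) & 0xFFFFFFFF))

def fix_ace(line):
    """Return the ACE with a subnet mask rewritten as a wildcard mask."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised ACE: %r" % line)
    action, host, anyw, net, mask = m.groups()
    if net and is_subnet_mask(mask):
        return "%s ip any %s %s" % (action, net, subnet_to_wildcard(mask))
    return line.strip()

def fix_acl(text):
    return [fix_ace(l) for l in text.splitlines() if l.strip()]

def acl_permits(lines, dst):
    """First-match evaluation of destination dst; implicit deny at the end."""
    for line in lines:
        action, host, anyw, net, wild = ACE_RE.match(line).groups()
        if host:
            hit = _u32(host) == _u32(dst)
        elif anyw:
            hit = True
        else:  # bits set in the wildcard are "don't care"
            hit = (_u32(dst) ^ _u32(net)) & ~_u32(wild) & 0xFFFFFFFF == 0
        if hit:
            return action == "permit"
    return False
```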

ariantow123 Thu, 01/29/2009 - 20:05

Hi,


Can you help me?

I have the same issue, but the downloadable ACL doesn't work.

My current devices: Router 2691 (c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.


Thanks for your help.

*aw
