
downloadable ACL

wasiimcisco
Level 1

I'm trying to configure a downloadable ACL in ACS for my remote access VPN user.

My concentrator is able to authenticate the user via ACS, but after getting the IP and authentication the client is not able to reach anywhere.

I have attached the downloadable ACL configuration that I did on ACS.

I want the remote VPN user to be able to access only the 172.28.31.171, 170 servers, nothing else.

But the client is only able to connect; it can't connect with any of the servers.

7 Replies

Jagdeep Gambhir
Level 10

Wasim,

I would suggest you push the downloadable ACLs via another method. For this you need to configure the attribute [009\001] cisco-av-pair on the ACS server.

The following link talks about how to configure this attribute on the ACS server to push the required ACLs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Regards,

~JG

Do rate helpful posts

Thanks for the reply, but now it is working for me via the downloadable access-list.

The same configuration that I attached is now working fine for me.

I am able to configure the downloadable ACL for the remote access VPN user.

permit ip any host 172.28.65.24

permit ip any host 172.28.65.25

deny ip any any

But when I try to restrict the whole network like this:

permit ip any 172.28.65.0 255.255.255.0

permit ip any 172.28.70.0 255.255.255.0

deny ip any any

I am not able to get the results; even the user is not able to connect.

I have tried to do the configuration mentioned in the link, but this is for firewall and IOS, not for the concentrator.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Please tell me how to allow the user to access a particular subnet.

Problem solved. Actually I was using a subnet mask in the access-list, but in fact it required a wildcard mask. Now it is working fine.

Great.

Thanks for the update

Problem solved: I was using a subnet mask, but it required a wildcard mask.
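
The subnet-mask versus wildcard-mask mix-up that resolved this thread, as an added example that is not part of any post above: a Python check that flags ACL entries whose mask looks like a subnet mask and shows the inverted form. The function names are hypothetical, and it assumes the usual Cisco wildcard semantics, where 1-bits in the mask are ignored and 0-bits must match.

```python
import ipaddress

def _ip(tok):
    """Return tok as a 32-bit int if it is a dotted-quad IPv4 address, else None."""
    try:
        return int(ipaddress.IPv4Address(tok))
    except ValueError:
        return None

def looks_like_subnet_mask(mask):
    """Leading 1-bits then 0-bits (255.255.255.0 style). All-0 and all-1 are ambiguous, so skipped."""
    if mask in (0, 0xFFFFFFFF):
        return False
    inv = ~mask & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def wildcard_matches(addr, wildcard, candidate):
    """Assumed wildcard semantics: 1-bits are 'don't care', 0-bits must match."""
    a, w, c = _ip(addr), _ip(wildcard), _ip(candidate)
    return ((a ^ c) & ~w & 0xFFFFFFFF) == 0

def lint_acl(lines):
    """Return (line_no, original, corrected) for entries whose mask looks like a subnet mask."""
    findings = []
    for no, line in enumerate(lines, 1):
        toks = line.split()
        fixed = list(toks)
        i = 0
        while i < len(toks):
            if toks[i] == "host":          # "host A.B.C.D" carries no mask
                i += 2
            elif i + 1 < len(toks) and _ip(toks[i]) is not None and _ip(toks[i + 1]) is not None:
                mask = _ip(toks[i + 1])    # address followed by its mask
                if looks_like_subnet_mask(mask):
                    fixed[i + 1] = str(ipaddress.IPv4Address(~mask & 0xFFFFFFFF))
                i += 2
            else:
                i += 1
        if fixed != toks:
            findings.append((no, line, " ".join(fixed)))
    return findings

# The non-working ACL quoted in the thread
ACL = ["permit ip any 172.28.65.0 255.255.255.0",
       "permit ip any 172.28.70.0 255.255.255.0",
       "deny ip any any"]

if __name__ == "__main__":
    for no, old, new in lint_acl(ACL):
        print(f"line {no}: {old!r} -> {new!r}")
```

Read as a wildcard, 255.255.255.0 ignores the first three octets and pins the last one to 0, so the entry matches addresses such as 10.9.8.0 but not 172.28.65.24, which is why the whole-subnet ACL permitted nothing useful.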

Hi,

Can you help me?

I have the same issue, but the downloadable ACL doesn't work.

My current devices: Router 2691 (c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.

Thanks for your help.

*aw
