I'm trying to add downloadable ACLs via an LDAP map. I have done a map between the info attribute in Microsoft Active Directory and the Cisco-AV-Pair field.
My problem is that when I add two lines in the configuration I receive an error in the ASA log.
%ASA-3-109032: Unable to install ACL 'AAA-user-nisse-406F160D', downloaded for user nisse; Error in ACE : 'permit ip 10.0.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip:inacl#2=permit ip 10.0.2.0 255.255.255.0 192.168.3.0 255.255.255.0'
%ASA-6-716051: Group <SVC-LDAP-JARLEGREN-POLICY> User <nisse> IP <x.x.x.x> Error adding dynamic ACL for user.
Has anyone managed to get this to work, or am I using the wrong syntax for the downloadable ACLs?
My config looks like this.
ip:inacl#1=permit ip 10.0.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip:inacl#2=permit ip 10.0.2.0 255.255.255.0 192.168.3.0 255.255.255.0
Thanks in advance
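
Added example, not part of the original post: a pre-check for the values stored in the mapped LDAP attribute. In the %ASA-3-109032 line above, the ACE text for inacl#1 runs on into the `ip:inacl#2=` line, so the check flags any single value that holds more than one `ip:inacl#N=` entry. The function name and sample values are constructed here, and the requirement of one entry per attribute value is an assumption drawn from that log line.

```python
import re

# Assumed form of one entry: ip:inacl#<n>=<permit|deny> <rest of ACE>
AV_PAIR = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+\S.*$")
EMBEDDED = re.compile(r"ip:inacl#\d+=")


def check_av_pair_values(values):
    """Return a list of (index, problem) for LDAP attribute values.

    `values` is the list read from the mapped attribute, one list
    element per LDAP value, as an LDAP client returns them.
    """
    problems = []
    seen = {}  # sequence number -> index of the value that used it first
    for i, raw in enumerate(values):
        value = raw.strip()
        # Two entries, or a line break, inside one value: the whole text
        # would be handed over as a single ACE.
        if len(EMBEDDED.findall(value)) > 1 or "\n" in value or "\r" in value:
            problems.append((i, "multiple entries or line break in one value"))
            continue
        m = AV_PAIR.match(value)
        if not m:
            problems.append((i, "not of the form ip:inacl#<n>=<permit|deny> ..."))
            continue
        n = int(m.group(1))
        if n in seen:
            problems.append((i, f"sequence number {n} repeats value {seen[n]}"))
        else:
            seen[n] = i
    return problems


# Constructed sample input, built from the two lines in the post.
ACE1 = "ip:inacl#1=permit ip 10.0.2.0 255.255.255.0 192.168.1.0 255.255.255.0"
ACE2 = "ip:inacl#2=permit ip 10.0.2.0 255.255.255.0 192.168.3.0 255.255.255.0"

SINGLE_VALUE = [ACE1 + "\r\n" + ACE2]  # both lines stored in one value
SEPARATE_VALUES = [ACE1, ACE2]         # one entry per attribute value

if __name__ == "__main__":
    print(check_av_pair_values(SINGLE_VALUE))
    print(check_av_pair_values(SEPARATE_VALUES))
```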