Restrict VPN remote user using ACS and IOS Router

Unanswered Question
Jan 23rd, 2009
I've got a problem.

I have a VPN router as the VPN server and also ACS to authenticate VPN remote users (Cisco VPN Client).

The goal I want is to limit user access to several ports.

I tried with Filter ID, Cisco AVpair, and also downloadable ACL, but it doesn't work.

Need your help, thx


Nelson Rodrigues (Cisco Employee) Fri, 01/23/2009 - 19:02

1) Have you checked to make sure the format of the DACLs or Cisco-AV-Pairs is correct?

2) FilterID is the name of the access-list already defined on the VPN server.

Turn on "debug crypto isakmp/ipsec or aaa" and see what is happening.

ariantow123 Fri, 01/23/2009 - 19:52
1. I'm sure

2. Yes, I already configured the ACL on the VPN router.

See the attachment for debug, sh run, and also the log in ACS.

In this case, I tested using DACL.

Thx for your help.

ariantow123 Mon, 01/26/2009 - 20:45
The link is for PIX; is there any other link for Cisco IOS Router?

Is it applicable to a Cisco router?
