Downloadable ACL on ASA

Unanswered Question
Feb 16th, 2009

In my application, the Easy VPN clients (software and hardware) connect to an ASA5540 (ver. 8.0.3) on the outside interface and access corporate server resources on the inside interface. To authorize the access, ACS (ver. 4.2) downloadable ACLs are used.

On the inside interface there is a management subnet. The PCs and management servers on the management subnet require access to remote clients. Access from the management subnet to remote clients works only when full IP access from the clients to the management subnet is opened in the downloadable ACL. It looks like the ASA5540 is not functioning as a firewall.

I would like to have restricted access from remote clients to the management servers and full access from the management subnet to remote clients.

Could anybody help me?

Best Regards,

Aliaksandr Patotski.

carenas123 Fri, 02/20/2009 - 15:24

The download of ACLs to the adaptive security appliance from an access control server (ACS). This enables the configuration of per-user access lists on a AAA server, to provide per-user access list authorization, that are then downloadable through the ACS to the adaptive security appliance. This feature is supported for RADIUS servers only and is not supported for TACACS+ servers.
