Downloadable ACL with logging?

Unanswered Question
Feb 16th, 2009

I have gotten downloadable ACLs for VPN clients to work just fine with my Cisco ACS server and ASA 8.0(x) code. The problem is logging the information. I want to log certain things over the VPN connection. For example, if a user tries to access a certain IP, I want to block it and log it. The blocking works fine, but no matter what I set the logging level to, I never see the blocked traffic in the server logs. Can anyone point to some documentation or "gotchas" that might help? Thanks!

eddie.mitchell@... Mon, 02/16/2009 - 18:54

Can't you just block and log the specific VPN traffic via interface ACLs applied on the ASA?

jcrussell Mon, 02/16/2009 - 19:03

I need to allow different groups access to different servers. That was the reason for doing downloadable ACLs. I was applying an ACL based on the group mapping set in the ACS server.

