ASA IPSEC VPN client problem with ACS

Unanswered Question
Aug 20th, 2009

Hi guys. I'm having a bit of a problem with configuring IPSEC VPN on an ASA 5510 and using ACS to send ACLs to restrict traffic. Here's the problem: Clients from a specific group in ACS attempt to connect to the ASA using the Cisco IPSEC VPN client but there's an error about an ACL.

Here are the error messages I get from the log:

%ASA-3-713902: Group = ClientVPN, Username = infcmo1, IP = x.x.x.x, IKE: ACL Raritan:G{ADMIN} can't be found

%ASA-3-713902: Group = ClientVPN, Username = infcmo1, IP = x.x.x.x, IKE: User ACL download from AAA doesn't exist on device, aborting connection

The thing is, this ACL is actually a Filter ID (RADIUS attribute 11). This is the only group that has this specific attribute. I'm most likely mistaken, but aren't the downloadable ACLs only in ACS? They don't have to be in the ASA as well, right?

If there's any other info you guys need, just let me know.

Thanks!

Chris.
