05-17-2006 08:49 AM - edited 03-10-2019 02:35 PM
I have set a user with a downloadable ACL on the AAA server (ACS4.0 for Windows). On the ASA5520, I have enabled WebVPN on the outside interface, and the authentication method is AAA.
When I log in to the ASA5520 through WebVPN, it (the downloadable ACL) didn't work. Please help me!!!
05-17-2006 01:13 PM
Hi,
Just a quick check: is your Downloadable ACL configured under AAA-Radius for authentication?
Rgds,
AK
05-21-2006 08:04 AM
I have the same problem with downloadable ACLs and SSL VPN on a VPN 3000 concentrator. The ACLs are on an ACS4, but somehow it doesn't work.
Rutger
05-22-2006 01:09 AM
Does the VPN3K even support downloadable ACLs?
Originally it was just PIX. Some IOS routers were enabled for NAC support, but the early implementation didn't support fragmentation (i.e. for ACLs larger than 4K).
Then there was a security vulnerability discovered in the DACL exchange. The fix for that made the new version incompatible with the previous one. So IOS/PIXOS needed updating.
I'm not sure of the exact dates/versions - best check with the TAC.
Darran
05-22-2006 02:18 AM
VPN3K does not have/support DACL.
Rgds,
AK
05-22-2006 02:54 AM
DACL with VPN3K works fine with IPSec connections, but not with SSL VPN. I know because we use it this way. The DACLs are on the ACS server.
Rutger
06-08-2006 06:33 AM
Downloadable ACL from ACS to VPN3000 works just fine.
Although I have just reported a major flaw in the new code to VPN3030.
08-30-2006 08:57 PM
Same problem here. Downloadable ACLs work fine for SSL/IKE VPN sessions but not for WebVPN sessions.
Anybody opened a TAC case or know a workaround?
Thanks!
-Markus
08-30-2006 10:38 PM
Wait a minute, it works for you with SSL VPN? For us it doesn't. Only with IKE.
Rutger