New Member

ACS 3.1 and Dynamic Filters with VPN 3005

I would appreciate some help with configuring dynamic filters in ACS 3.1 for use with VPN 3005. I've read the documentation, but had no success. I want to configure the filters on a per user basis. So if there is anyone out there who has been successful, I would appreciate the tips.

5 REPLIES
New Member

Re: ACS 3.1 and Dynamic Filters with VPN 3005

Hi,

I tried the same with ACS3.1 VPN 4.0.1B and it works only if the VPN3000 is defined as an IOS/PIX device at the ACS. But if I use that adjustment I cannot use the VPN3000 specific attributes.

Any solutions?

André

New Member

Re: ACS 3.1 and Dynamic Filters with VPN 3005

Hello,

I contacted Cisco TAC about this. The engineer told me to create a bogus NAS and set it to authenticate using the VPN3000. Doing so will allow the VPN attributes to be visible in the user profiles. Also, if you do this, if you figure out how to configure CVPN3000-Access-Hours... please let me know. I know you can put a character string up to 247 characters, but I don't know what the format is. Thanks for any help/advice.

Cisco Employee

Re: ACS 3.1 and Dynamic Filters with VPN 3005

You have to run VPN Concentrator code 4.x and above if you want to define the filters on the ACS server, then just follow the sample config in the Release Notes here:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/admon/dynfilt.htm

New Member

Re: ACS 3.1 and Dynamic Filters with VPN 3005

Thanks for the help, I have started to configure the ACLs in ACS. Another question... I would like to configure CVPN3000-Access-Hours on the ACS... I know you can put a character string up to 247 characters, but I don't know what the format of the string should be... I haven't been able to find any examples on the Cisco site. TIA for your help/advice.

New Member

Re: ACS 3.1 and Dynamic Filters with VPN 3005

I have followed those instructions and I run the 3.2(2)ACS and 4.1.4 VPN Concentrator and 4.0.4 VPN Client. For some reason all traffic is rejected, even when the access-list is

permit ip any any

I tried both with the Cisco av-pair and the downloadable access-list without much success. I can see the access-list active in the dynamic filters screen on the concentrator but no traffic goes through...

Any ideas?
