Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Downloadable ACL with ASA

Hi group,

I'm configuring downloadable ACL on ACS 5.1 for authorized vpn users. Whenever users log in to vpn through ASA then they will get individual ACL.

I checked AAA Protocol > RADIUS Authentication Report and found something like #ACSACL#-IP-testDACL-4cea0718 after user authentication successfully, and users are restricted as per ACL configured. But when I check at my ASA, I can't find any ACSACL on configuration.


My question is how can I make sure that ACSACL is already applied to my ASA?

Please advise, thank you all.

PK.

1 REPLY
Cisco Employee

Re: Downloadable ACL with ASA

Hi PK,

The "show vpn-sessiondb detail" command on the ASA will show if the DACL has been applied to the sesssion. The ACL name will be shown under the "Filter" field.

For IPSec VPN client users the command would be "show vpn-sessiondb detail remote", for SSLVPN/AnyConnect it would be "show vpn-sessiondb detail svc".

Steve.

1336
Views
0
Helpful
1
Replies