Cisco Support Community
Community Member

downloadable ACL

I'm trying to configure a downloadable ACL in ACS for my remote access VPN user.

My concentrator is able to authenticate the user via ACS, but after getting the IP and authentication the client is not able to reach anywhere.

I have attached the downloadable ACL configuration that I did on ACS.

I want the remote VPN user to be able to access only the 172.28.31.171, 170 servers, nothing else.

But the client is only able to connect; it can't connect to any of the servers.

7 REPLIES

Re: downloadable ACL

Wasim,

I would suggest you push the downloadable ACLs via another method. For this you need to configure the attribute [009\001] cisco-av-pair on the ACS server.

The following link talks about how to configure this attribute on the ACS server to push the required ACLs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Regards,

~JG

Do rate helpful posts

Community Member

Re: downloadable ACL

Thanks for the reply, but now it is working for me via the downloadable access-list.

The same configuration that I attached is now working fine for me.

Community Member

Re: downloadable ACL

I am able to configure the downloadable ACL for the remote access VPN user.

permit ip any host 172.28.65.24

permit ip any host 172.28.65.25

deny ip any any

But when I try to restrict the whole network like this:

permit ip any 172.28.65.0 255.255.255.0

permit ip any 172.28.70.0 255.255.255.0

deny ip any any

I am not able to get the results; even the user is not able to connect.

I have tried to do the configuration mentioned in the link, but this is for the firewall and IOS, not for the concentrator.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410

Please tell me how to allow the user to access a particular subnet.

Community Member

Re: downloadable ACL

Problem solved. Actually, I was using a subnet mask in the access-list, but in fact it required a wildcard mask. Now it is working fine.

Re: downloadable ACL

Great.

Thanks for the update

Community Member

Re: downloadable ACL

Problem solved. I was using a subnet mask, but it required a wildcard mask.
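Added example (not part of any post in this thread, and not Cisco's code): a small Python lint for the mistake resolved above. It flags ACL entries whose mask looks like a subnet mask, suggests the wildcard form, and shows what the mistyped entry would match, assuming standard wildcard semantics (a set bit means "ignore this bit"). The function names are hypothetical, and only `any`, `host A` and `A M` address forms are handled.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def looks_like_netmask(mask):
    """Contiguous ones then zeros (e.g. 255.255.255.0); 0.0.0.0 and 255.255.255.255 are ambiguous and skipped."""
    inv = ~_to_int(mask) & FULL
    return 0 < inv < FULL and (inv & (inv + 1)) == 0

def to_wildcard(mask):
    """Invert a subnet mask into the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(~_to_int(mask) & FULL))

def wildcard_match(addr, base, wildcard):
    """Assumed wildcard semantics: bits set in the wildcard are ignored, the rest must equal base."""
    care = ~_to_int(wildcard) & FULL
    return (_to_int(addr) & care) == (_to_int(base) & care)

def lint_acl(lines):
    """Return (original, suggested) pairs for entries that use a subnet mask."""
    findings = []
    for line in lines:
        tok = line.split()
        out, i, changed = tok[:2], 2, False      # action and protocol
        while i < len(tok):
            if tok[i] == "any":
                out.append(tok[i]); i += 1
            elif tok[i] == "host":
                out += tok[i:i + 2]; i += 2
            else:                                 # "address mask" pair
                addr, mask = tok[i], tok[i + 1]
                if looks_like_netmask(mask):
                    mask, changed = to_wildcard(mask), True
                out += [addr, mask]; i += 2
        if changed:
            findings.append((line, " ".join(out)))
    return findings

# The entries posted in the thread that did not work
POSTED = ["permit ip any 172.28.65.0 255.255.255.0",
          "permit ip any 172.28.70.0 255.255.255.0",
          "deny ip any any"]

if __name__ == "__main__":
    for original, suggested in lint_acl(POSTED):
        print(f"{original}  ->  {suggested}")
    # Read as a wildcard, 255.255.255.0 ignores the first three octets:
    print(wildcard_match("172.28.65.24", "172.28.65.0", "255.255.255.0"))  # intended host
    print(wildcard_match("10.9.8.0", "172.28.65.0", "255.255.255.0"))      # unrelated address
```

Under that assumption, the mistyped entry misses every host in the intended subnet except the .0 address while matching any address that ends in .0, so the entry is both broken and broader than intended.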

Community Member

Re: downloadable ACL

Hi,

Can you help me?

I have the same matter, but the downloadable ACL doesn't work.

My current device : Router 2691(c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.

Thanks for your help.

*aw
