Cisco Support Community
New Member

Weak ACS 5.5 usability for ASA access-list management

Recently we deployed the downloadable ACL feature on ACS for ASA VPN users and noticed that this solution has at least two serious disadvantages:

1. It is only possible to give split-tunnel networks to the ASA by ACL list name RADIUS attributes, and this list should already be configured on the ASA.

2. If we want to map several ACLs to a group through two or more authorization profiles, it doesn't use them all but only the first one. For example, I have different groups for SSH, RDP, etc. administration and different ACLs which permit the services one by one. Then I map groups and profiles with ACLs in authorization rules, and when a user has more than one group, like SSH+RDP, they get only the SSH ACL, which was first in the profiles. As I understand it, we can provide only one ACL, but what then? Should we make every combination of groups? What if we have twenty of them, and what if we try to edit something later?

Looks like a very weak solution for a big enterprise network; correct me if I'm wrong.

Cisco Employee

Each solution has its own advantages and disadvantages. Everything depends on the scenario. In your scenario you are correct.