06-12-2008 12:36 AM - edited 03-11-2019 05:58 AM
Hi
I'm trying to add downloadable ACLs via an LDAP map. I have done a map between the info attribute in Microsoft Active Directory and the Cisco-AV-Pair field.
My problem is that when I add two lines in the configuration I receive an error in the ASA log.
%ASA-3-109032: Unable to install ACL 'AAA-user-nisse-406F160D', downloaded for user nisse; Error in ACE : 'permit ip 10.0.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip:inacl#2=permit ip 10.0.2.0 255.255.255.0 192.168.3.0 255.255.255.0'
%ASA-6-716051: Group <SVC-LDAP-JARLEGREN-POLICY> User <nisse> IP <x.x.x.x> Error adding dynamic ACL for user.
Has anyone managed to get this to work, or am I using the wrong syntax for the downloadable ACLs?
My config looks like this.
ip:inacl#1=permit ip 10.0.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip:inacl#2=permit ip 10.0.2.0 255.255.255.0 192.168.3.0 255.255.255.0
Thanks in advance
Stefan
06-12-2008 12:50 AM
Hi,
From the System Log Messages guide, the explanation of message number 716051 is:
"There is not enough memory to perform the action".
Recommended Action: Purchase more memory, upgrade the device, or reduce the load on the device.
Reference: "http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html"
I hope this helps.
Best regards.
Massimiliano.
06-12-2008 12:57 AM
Hi
Thanks for the answer, but I'm running ASA 8.0 and the system message 716051 is the following error:
%ASA-6-716051: Group group-name User user-name IP IP_address Error adding dynamic ACL for user.
Best regards,
Stefan
06-12-2008 01:03 AM
Hi,
From the System Log Messages guide for version 8.0, the explanation is the same.
Reference: http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4777220
Did you try to add the access list manually?
Best regards.
Massimiliano.
06-12-2008 01:16 AM
Hi
Yes, I have tried to add the access-list manually and it works fine. So it must be something with the syntax
ip:inacl....
Do you have any ideas around the syntax that could be wrong or is it correct?
The load on the box is around 1%, and as far as I know you can't add more memory to the box.
Best regards,
//Stefan
06-12-2008 01:17 AM
Hi
If I just use one of the lines it works great.
//Stefan