01-09-2008 01:09 AM - edited 03-11-2019 04:45 AM
Hi all,
This question is about using an ASA with ACS to utilize downloadable per-user ACLs.
I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound?
Is there a default setting, like: the interface the user is connecting to?
If so, can it be overridden?
Thanks in advance,
Oliver
01-09-2008 03:47 AM
Oliver
The ACL gets applied to the interface referenced in the following command:
aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS
So in the above example the downloadable ACL would be applied to the inside interface.
aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS
And in this one it would be applied to the outside interface.
Jon
01-09-2008 04:14 AM
Jon,
Thanks for your fast and accurate reply; it was exactly what I wanted to know.
atb,
Oliver