We know about the ipsec:inacl attribute for configuring split-tunneling for a VPN group, but AFAWK you must define the ACL in the local configuration of the router. Is it possible to define the ACL in the RADIUS server instead? How? By the way, is it possible to do the same for the IPsec pools?
This feature introduces the radius-server attribute 11 direction default command, which allows you to change the default direction of filters for your access control lists (ACL) via RADIUS. (RADIUS attribute 11 (Filter-Id) indicates the name of the filter list for the user.) Enabling this command allows you to change the filter direction to inboundwhich stops traffic from entering a router, and reduces resource consumptionrather than keeping the outbound default direction, which waits until the traffic is about to leave the network before filtering occurs.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...