The workaround to add more downloadable access control lists (ACLs) on the Cisco Secure Access Control Server (ACS) is to use the object-group command. Refer to the example below:
Configuration on the PIX/ASA:
name 192.6.x.x HOST_SERVER
object-group service SVC_GROUP tcp
 port-object eq 12006
 port-object eq 12031
 port-object eq 12915
object-group network HOST_GROUP
 network-object host 192.7.x.x
 network-object host 192.8.x.x
 network-object host 192.9.x.x
 network-object host 192.5.x.x
 network-object host 192.4.x.x
 network-object host 192.3.x.x
 network-object host HOST_SERVER
This is the configuration for Downloadable IP ACLs:
permit tcp any object-group HOST_GROUP object-group SVC_GROUP
The previous ACL can be used to summarize the ACLs in the Downloadable IP ACLs section so that they do not exceed the 32 KB limit.
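To see how much space the object-group form saves, the following added example (not Cisco code) parses the PIX/ASA configuration above and expands the single downloadable ACL line into the per-host, per-port entries it replaces. The function names are hypothetical, and the parser assumes only the command forms shown on this page.

```python
# Added example: expand an object-group ACE into the individual entries
# it stands for, and compare the text size that would be stored on the ACS.
CONFIG = """\
name 192.6.x.x HOST_SERVER
object-group service SVC_GROUP tcp
 port-object eq 12006
 port-object eq 12031
 port-object eq 12915
object-group network HOST_GROUP
 network-object host 192.7.x.x
 network-object host 192.8.x.x
 network-object host 192.9.x.x
 network-object host 192.5.x.x
 network-object host 192.4.x.x
 network-object host 192.3.x.x
 network-object host HOST_SERVER
"""
ACL = "permit tcp any object-group HOST_GROUP object-group SVC_GROUP"

def parse_config(text):
    """Return {group_name: [members]} with 'name' aliases resolved."""
    names, groups, current = {}, {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "name":                       # name <address> <alias>
            names[tok[2]] = tok[1]
        elif tok[0] == "object-group":             # object-group <type> <id> ...
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "network-object" and tok[1] == "host":
            current.append("host " + names.get(tok[2], tok[2]))
        elif tok[0] == "port-object":
            current.append(" ".join(tok[1:]))      # e.g. "eq 12006"
    return groups

def expand(acl, groups):
    # Handles only: <action> <proto> any object-group <net> object-group <svc>
    tok = acl.split()
    action, proto, src, net, svc = tok[0], tok[1], tok[2], tok[4], tok[6]
    return [f"{action} {proto} {src} {dst} {port}"
            for dst in groups[net] for port in groups[svc]]

def size(lines):
    return sum(len(l) + 1 for l in lines)          # characters plus newline

if __name__ == "__main__":
    aces = expand(ACL, parse_config(CONFIG))
    print(len(aces), "entries,", size(aces), "bytes vs", size([ACL]), "bytes")
```

The object groups themselves live in the PIX/ASA configuration, so only the one-line ACL counts toward the Downloadable IP ACLs limit.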
Refer to the Downloadable IP ACLs section of Shared Profile Components for more information.