03-15-2006 10:56 AM
Having some problems with group policies within the ASA system. Able to connect via ASA VPN using ACS 3.1, but how do I apply ACLs for different groups?
I cannot find any information regarding the ASA & RADIUS.
03-21-2006 10:43 AM
I am not sure of ASA, but PIX 6.3 supports downloadable ACLs from a RADIUS server. TACACS+ not supported. Here is the document that shows how to configure this feature in 6.3.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm#wp1030990
03-22-2006 06:13 AM
Downloadable ACLs from the RADIUS server worked! One question: I noticed that when a user VPNs in, they receive their own ACL. Is that the norm?
If 50 users connect I would then see 50 ACLs.
Thanks
07-19-2006 08:22 AM
Stephen,
I'm currently having the same problem you originally had, where downloadable ACLs don't seem to work for our VPN users connecting to the ASA. Could you share what you had to do to get this to work?
Thanks!
Al
07-20-2006 04:12 AM
07-20-2006 07:23 AM
Stephen,
Thanks for the info. This is pretty much the same as what we have configured. In our case we are running ACS 3.3, so there is no PIX Downloadable ACL option under shared components; it is now IP Downloadable ACL.
Anything special on the ASA, or just simple RADIUS authentication for your Tunnel-Group?
Thanks again,
Al
07-20-2006 09:34 AM
When I created a "Tunnel Group" on the ASA, under the "General" tab I pointed the "Authentication Server Group" to the RADIUS server.