Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

downloadable ACS not working


I have an ASA 5540 ver 8.2(5) which has AAA server configured for VPN user authentication via ACS version The downloadable ACL feature used to work fine but since last week, it only downloads the name of the ACL without the ACL entries. The following is a sample VPN tunnel configuration

tunnel-group VPN type remote-access

tunnel-group VPN general-attributes

address-pool VPN

authentication-server-group RAD-AAA

accounting-server-group RAD-AAA

default-group-policy VPN


group-policy VPN internal

group-policy VPN attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value test_split_tunnel


aaa-server RAD-AAA protocol radius

aaa-server RAD-AAA (inside) host 192.168.xx.xx

The users get successfully authenticated and I can see the RADIUS start and stop data in the ACS. But they can not access anything from internal resource. I see the ACL name in the filter-id filed when I do sh vpn-sessiondb detail remote.

best regards,

Abebe Amare

Everyone's tags (4)