I have an ASA 5540 ver 8.2(5) which has an AAA server configured for VPN user authentication via ACS version 188.8.131.52. The downloadable ACL feature used to work fine, but since last week it only downloads the name of the ACL without the ACL entries. The following is a sample VPN tunnel configuration:
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
group-policy VPN internal
group-policy VPN attributes
 split-tunnel-network-list value test_split_tunnel
aaa-server RAD-AAA protocol radius
aaa-server RAD-AAA (inside) host 192.168.xx.xx
The users get successfully authenticated and I can see the RADIUS start and stop data in the ACS. But they cannot access anything from internal resources. I see the ACL name in the filter-id field when I do sh vpn-sessiondb detail remote.