Cisco Support Community
New Member

VPN filter per remote access user (via ACS)?

Hello everyone,

I'm deploying IPSec Remote Access VPN for my company. I have Cisco ASA 5540 (8.0.4) and Cisco Secure ACS. I have successfully configured the system with authentication by ACS.

The question is, I want to apply a filter policy per user. I know that there's a method called vpn-filter. If I use local authentication, I can apply an ACL to the user attributes.

e.g.

access-list 103 extended permit tcp 10.1.49.2 255.255.255.0 host 10.1.1.10 eq 3389

username testvpn attributes

vpn-filter value 103

But users are configured on ACS, so how can I apply a vpn-filter policy to the user? I don't really want to apply vpn-filter to the group-policy.

Please help me to find a method. Thank you very much.

Regards,

Hiep Nguyen.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

VPN filter per remote access user (via ACS)?

Hi,

I think this is what you are looking for

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml

You will need to set up the IETF like this

filter-id=acl_name

There is a good example right there (better than mine). Let me know how it goes.

Mike
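
A sketch of how the Filter-Id approach from the accepted answer fits together, added here as an illustration and not taken from the linked Cisco document or from either poster. The ACL name VPN-USER-RDP, the server group ACS, the tunnel group RA-VPN, the inside interface, the server address 192.0.2.10 and the key placeholder are all assumptions; the ACL entry reuses the addresses from the question.

```cisco
! Added example. All names, the interface, the server address and the key
! are placeholders (assumptions), not values from the thread.
!
! 1. Define the per-user ACL locally on the ASA. In a VPN filter ACL the
!    VPN client (remote) side goes in the source position.
access-list VPN-USER-RDP extended permit tcp 10.1.49.0 255.255.255.0 host 10.1.1.10 eq 3389
!
! 2. Point the remote access tunnel group at the ACS server over RADIUS.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <shared-secret>
!
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group ACS
!
! 3. On ACS, in that user's profile, set IETF RADIUS attribute 11:
!      Filter-Id = VPN-USER-RDP
!    The value must match the ACL name from step 1 exactly.
!    Nothing is bound with "vpn-filter" under a username or group-policy;
!    the filter name arrives in the RADIUS Access-Accept for that user only.
```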
3 REPLIES
New Member

Re: VPN filter per remote access user (via ACS)?

Thanks Mike, that's exactly what I'm looking for. I created a downloadable ACL and assigned it to the user and it works great. Now I have a per-user policy for remote access VPN.

Cisco Employee

VPN filter per remote access user (via ACS)?

Yay!

I was working with a couple of VPN labs and I saw that one.... I am glad that fits for you.

Mike