Cisco Support Community

WebVPN ACL Problem

We are currently experiencing a problem with WebVPN ACLs on our VPN 3000 Concentrator (Version 4.7.2.G). We authenticate users onto the WebVPN with RADIUS through our ACS 4.0 server and Active Directory. Everything regarding authentication is working OK; users are dropping into the correct groups and only getting access to the WebVPN features delegated for their group (e.g. port forwarding, file access, etc.).

The problem lies with the WebVPN ACLs, which are being ignored. The ACLs were set up to only allow CIFS file access to one server, but we have found that clicking on "Browse Network" is allowing users to browse shares on other computers. To confirm that the ACLs were not working we set the WebVPN homepage to and then set a deny permission to this site. Sure enough, it still loads up. We have checked that the "Apply ACL" box is ticked and the inherit "WebVPN ACLs" box is unticked for each group. Adding ACLs to the Base Group also does not work.

I have tried upgrading the Concentrator to 4.7.2.I, but to no avail. The ACLs have worked in the past; the only other major change we have made is to upgrade from ACS 3.2 to ACS 4.0, but the basic config of the ACS server has remained the same. (No Network Access Filters or Downloadable ACLs are used.) Can anybody help?
