We are currently experiencing a problem with WebVPN ACLs on our VPN 3000 Concentrator (Version 4.7.2.G). We authenticate users onto the WebVPN with RADIUS through our ACS 4.0 server and Active Directory. Everything regarding authentication is working OK: users are dropping into the correct groups and only getting access to the WebVPN features delegated for their group (e.g. port forwarding, file access, etc.).
The problem lies with the WebVPN ACLs, which are being ignored. The ACLs were set up to only allow CIFS file access to one server, but we have found that clicking on "Browse Network" is allowing users to browse shares on other computers. To confirm that the ACLs were not working, we set the WebVPN homepage to google.co.uk and then set a deny permission to this site. Sure enough, it still loads up. We have checked that the "Apply ACL" box is ticked and the inherit "WebVPN ACLs" box is unticked for each group. Adding ACLs to the Base Group also does not work.
I have tried upgrading the Concentrator to 4.7.2.I, but to no avail. The ACLs have worked in the past; the only other major change we have made is to upgrade from ACS 3.2 to ACS 4.0, but the basic config of the ACS server has remained the same. (No Network Access Filters or Downloadable ACLs are used.) Can anybody help?