https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001064#M406906 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you help me ..</P><P>I got the same matter, but downloadable ACL doesn't work.</P><P>My current device : Router 2691(c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.</P><P></P><P>Thanks for your help.</P><P>*aw</P><P></P><P></P></BODY></HTML> Fri, 30 Jan 2009 04:05:26 GMT ariantow123 2009-01-30T04:05:26Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001057#M406891 <P>I m trying to configure download able acl in ACS for my remote access vpn user.</P><P></P><P>My concentrator is able to authenticate the user via ACS but after getting the ip and authentication client is not able to reach anywhere.</P><P></P><P>I have attached the downloadable acl configuration that i did on ACS.</P><P></P><P>I want remote vpn user only able to access 172.28.31.171, 170 server nothing else.</P><P></P><P>but client only able to connect but cant connect with any of the servers.</P><P></P><P> </P><P></P> Sun, 10 Mar 2019 22:53:30 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001057#M406891 wasiimcisco 2019-03-10T22:53:30Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001058#M406893 <HTML><HEAD></HEAD><BODY><P>Wasim,</P><P>I would suggest you to push the Downloadable ACL's via another method. For this you need to configure the attribute 009\001]cisco-av-pair, on the ACS Server.</P><P></P><P>Following link talks about how to configure this attribute on the ACS server, to push the required ACL's.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410</A></P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts</P></BODY></HTML> Thu, 05 Jun 2008 15:34:21 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001058#M406893 Jagdeep Gambhir 2008-06-05T15:34:21Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001059#M406897 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply, but now it is working for me via downloadable access-list.</P><P></P><P>same configuration that i attached is now working fine for me. </P></BODY></HTML> Thu, 05 Jun 2008 22:02:02 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001059#M406897 wasiimcisco 2008-06-05T22:02:02Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001060#M406900 <HTML><HEAD></HEAD><BODY><P>I am able to configure the downloadable acl for remote access vpn user. </P><P></P><P>permit ip any host 172.28.65.24</P><P>permit ip any host 172.28.65.25</P><P>deny ip any any</P><P></P><P>but when i try to restrict whole network like this</P><P></P><P>permit ip any 172.28.65.0 255.255.255.0</P><P>permit ip any 172.28.70.0 255.255.255.0</P><P>deny ip any any</P><P></P><P>I am not able to get the results, even user is not able to connect.</P><P></P><P>I have tried to do the configuration mention in the link, but this is for firewall and IOS not for concentrator.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce39.html#2006410</A> </P><P></P><P></P><P></P><P>Please tell me how to allow user to access particular subnet.</P></BODY></HTML> Mon, 09 Jun 2008 12:37:00 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001060#M406900 wasiimcisco 2008-06-09T12:37:00Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001061#M406902 <HTML><HEAD></HEAD><BODY><P>problem solved actually i was using subnet mask in the access-list but infact it required wild card mask. now it is working fine. </P></BODY></HTML> Mon, 09 Jun 2008 12:50:08 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001061#M406902 wasiimcisco 2008-06-09T12:50:08Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001062#M406904 <HTML><HEAD></HEAD><BODY><P>Great.</P><P></P><P>Thanks for the update</P></BODY></HTML> Mon, 09 Jun 2008 12:51:47 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001062#M406904 Jagdeep Gambhir 2008-06-09T12:51:47Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001063#M406905 <HTML><HEAD></HEAD><BODY><P>problem solved, i was using subnet mask, but it required wild card mask.</P></BODY></HTML> Mon, 09 Jun 2008 13:04:25 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001063#M406905 wasiimcisco 2008-06-09T13:04:25Z https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001064#M406906 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you help me ..</P><P>I got the same matter, but downloadable ACL doesn't work.</P><P>My current device : Router 2691(c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.</P><P></P><P>Thanks for your help.</P><P>*aw</P><P></P><P></P></BODY></HTML> Fri, 30 Jan 2009 04:05:26 GMT https://community.cisco.com/t5/network-access-control/downloadable-acl/m-p/1001064#M406906 ariantow123 2009-01-30T04:05:26Z