https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4837671#M581790 <P>Hello ,</P><P>&nbsp;</P><P>i changed the syntax and it worked , the problem is i was using wildcad mask and all i had to do is to use regular mask .</P><P>&nbsp;</P><P>regards ,</P><P>&nbsp;</P> Wed, 17 May 2023 13:09:37 GMT MED Amine MB 2023-05-17T13:09:37Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835444#M581743 <P>Hello ,</P><P>I m trying to configure DACL on ise to allow vpn traffic to specific destinations.&nbsp;</P><P>But after i configure them i get the auth logs as passed and authorized but on my machine it asks me to reconnect again and again.&nbsp;</P><P>&nbsp;</P><P>Can any one help me please.&nbsp;</P><P>&nbsp;</P><UL><LI>Regards,&nbsp;</LI></UL> Mon, 15 May 2023 11:15:54 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835444#M581743 MED Amine MB 2023-05-15T11:15:54Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835489#M581744 <P>Need some more detail here.&nbsp; What is the NAD?&nbsp; What version of ISE?&nbsp; Is the dACL being applied?&nbsp;&nbsp;</P> <P>See:&nbsp;<A href="https://community.cisco.com/t5/security-knowledge-base/how-to-ask-the-community-for-help/ta-p/3704356" target="_blank">https://community.cisco.com/t5/security-knowledge-base/how-to-ask-the-community-for-help/ta-p/3704356</A></P> Mon, 15 May 2023 12:34:07 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835489#M581744 ahollifield 2023-05-15T12:34:07Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835544#M581748 <P>can I see the config of ASA/FPR?</P> Mon, 15 May 2023 13:46:16 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835544#M581748 MHM Cisco World 2023-05-15T13:46:16Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835651#M581749 <P>hello ,</P><P>My topology is like so :</P><P>users will connect to vpn configured on my FTD&nbsp;</P><P>FTD then will send RADIUS requests to ISE</P><P>On the ISE i have two rules with itch have one groupe user from AD</P><P>and on those rules i want to permit access to certain destination and it doesn't seems to work as i see the logs everything is fine but the users still doesn't connect .</P><P>&nbsp;</P><P>regards ,&nbsp;</P> Mon, 15 May 2023 15:13:30 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835651#M581749 MED Amine MB 2023-05-15T15:13:30Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835655#M581750 <P>config the VPN-filter under each group&nbsp;<BR />the ISE will only return the group of anyconnect and it will by default use the VPN-filter you use under that group&nbsp;<BR />no need dACL in this case</P> Mon, 15 May 2023 15:16:39 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835655#M581750 MHM Cisco World 2023-05-15T15:16:39Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835668#M581752 <P>hello ,</P><P>&nbsp;</P><P>accually my FTD is messed-up that's why i 'am using ISE for authentication i can't perform any filter or new configuration on it and the last solution i fund is to use DACL .</P><P>i used simple syntaxe like :</P><P>permit ip any X.X.X.X 0.0.255.255</P><P>permit ip any Y.Y.Y.Y 0.0.255.255</P><P>deny any any&nbsp;</P><P>&nbsp;</P><P>regards ,&nbsp;</P> Mon, 15 May 2023 15:28:52 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835668#M581752 MED Amine MB 2023-05-15T15:28:52Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835682#M581753 What do you mean you can’t perform any configuration changes? This is going to be impossible to troubleshoot/implement if you don’t have admin access to the FTD. IMHO, that issue needs to be fixed first.<BR /> Mon, 15 May 2023 15:43:34 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4835682#M581753 ahollifield 2023-05-15T15:43:34Z https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4837671#M581790 <P>Hello ,</P><P>&nbsp;</P><P>i changed the syntax and it worked , the problem is i was using wildcad mask and all i had to do is to use regular mask .</P><P>&nbsp;</P><P>regards ,</P><P>&nbsp;</P> Wed, 17 May 2023 13:09:37 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-dacl-for-vpn-connexion/m-p/4837671#M581790 MED Amine MB 2023-05-17T13:09:37Z