ASA Anyconnect return ACL/VPN Filter

Hi All,

Would it be possible to return an ACL name to be used as 'VPN Filter'?

I know it is possible to return a DACL or Group policy, but I want to return the name of an ACL that is configured on the ASA to be used as the VPN Filter.

Using 'ACL (Filter-ID)' in the authorisation profile does not seem to work.

Thanks for your help!

1 ACCEPTED SOLUTION


Re: ASA Anyconnect return ACL/VPN Filter

The .in is a directive for an "Inbound" ACL and would be interpreted correctly by a wired switch. Since the ASA is not accepting it, adding the attribute under Advanced attributes to avoid any undesired extensions is the correct option.

3 REPLIES 3

Re: ASA Anyconnect return ACL/VPN Filter

Hi Craig,

Originally I tried the filter ID, using the "ACL (Filter-ID)" field in the authorization profile.

This resulted in the following entry:

Access Type = ACCESS_ACCEPT

Filter-ID = MYACLNAME.in

ISE automatically adds the ".in" after the ACL name, resulting in not even passing authentication on AnyConnect.

Just a side question: Why the ".in"?


When I manually added the Radius:Filter-ID [11], it works like a charm!

Access Type = ACCESS_ACCEPT

Filter-ID = MYACLNAME
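The mismatch described in this thread can be checked offline before a policy change goes live. The following is an added example, not code from the thread or from Cisco: it pulls Filter-Id (attribute 11) out of a RADIUS attribute section and compares it with the ACL names in an ASA configuration, assuming the ASA treats the value as the literal name of a locally configured ACL. The helper names, ACL entries and addresses are constructed for illustration.

```python
import re
import struct

FILTER_ID = 11  # RADIUS attribute type for Filter-Id (RFC 2865)

def encode_attr(attr_type, value):
    """Build one RADIUS attribute: type (1 byte), length (1 byte), value."""
    data = value.encode("ascii")
    return struct.pack("!BB", attr_type, len(data) + 2) + data

def filter_ids(attrs):
    """Walk the type-length-value attribute section, return every Filter-Id."""
    found, pos = [], 0
    while pos + 2 <= len(attrs):
        attr_type, length = attrs[pos], attrs[pos + 1]
        if length < 2 or pos + length > len(attrs):
            raise ValueError(f"malformed attribute at offset {pos}")
        if attr_type == FILTER_ID:
            found.append(attrs[pos + 2:pos + length].decode("ascii"))
        pos += length
    if pos != len(attrs):
        raise ValueError("trailing bytes after last attribute")
    return found

def asa_acl_names(config):
    """Collect ACL names from 'access-list <name> ...' lines of an ASA config."""
    return set(re.findall(r"^access-list (\S+) ", config, re.MULTILINE))

def check_filter_ids(attrs, config):
    """Return (filter_id, exists_on_asa) for each Filter-Id in the reply.
    Assumption: the name must match a configured ACL exactly."""
    acls = asa_acl_names(config)
    return [(fid, fid in acls) for fid in filter_ids(attrs)]

# Constructed ASA configuration excerpt (documentation address range).
ASA_CONFIG = """\
access-list MYACLNAME extended permit ip any 192.0.2.0 255.255.255.0
access-list MYACLNAME extended deny ip any any
"""

# Constructed replies: one as sent via the "ACL (Filter-ID)" field, one with
# Radius:Filter-ID set by hand; attribute 25 (Class) is included to show skipping.
VIA_PROFILE_FIELD = encode_attr(25, "constructed") + encode_attr(FILTER_ID, "MYACLNAME.in")
VIA_ADVANCED_ATTR = encode_attr(25, "constructed") + encode_attr(FILTER_ID, "MYACLNAME")

if __name__ == "__main__":
    for label, attrs in (("profile field", VIA_PROFILE_FIELD),
                         ("advanced attribute", VIA_ADVANCED_ATTR)):
        for fid, ok in check_filter_ids(attrs, ASA_CONFIG):
            print(f"{label}: Filter-Id={fid!r} matches ASA ACL: {ok}")
```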
