ACS 3.1 and Dynamic Filters with VPN 3005

bm_5789
Level 1

I would appreciate some help with configuring dynamic filters in ACS 3.1 for use with VPN 3005. I've read the documentation, but had no success. I want to configure the filters on a per-user basis. So if there is anyone out there who has been successful, I would appreciate the tips.

5 Replies

andre.frost
Level 1

Hi,

I tried the same with ACS3.1 VPN 4.0.1B and it works only if the VPN3000 is defined as an IOS/PIX device at the ACS. But if I use that adjustment I cannot use the VPN3000 specific attributes.

Any solutions?

André

Hello,

I contacted Cisco TAC about this. The engineer told me to create a bogus NAS and set it to authenticate using the VPN3000. Doing so will allow the VPN attributes to be visible in the user profiles. Also, if you do this, if you figure out how to configure CVPN3000-Access-Hours... please let me know. I know you can put a character string up to 247 characters, but I don't know what the format is. Thanks for any help/advice.

gfullage
Cisco Employee

You have to run VPN Concentrator code 4.x and above if you want to define the filters on the ACS server, then just follow the sample config in the Release Notes here:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/admon/dynfilt.htm

Thanks for the help, I have started to configure the ACLs in ACS. Another ?... I would like to configure CVPN3000-Access-Hours on the ACS... I know you can put a character string up to 247 characters, but I don't know what the format of the string should be... I haven't been able to find any examples on the Cisco site. TIA for your help/advice.

I have followed those instructions and I run the 3.2(2)ACS and 4.1.4 VPN Concentrator and 4.0.4 VPN Client. For some reason all traffic is rejected, even when the access-list is

permit ip any any

I tried both with the Cisco AV-pair and the downloadable access-list without much success. I can see the access-list active in the dynamic filters screen on the concentrator but no traffic goes through...

Any ideas?