
ACS 5.1 VPN/ACL problems

Good Morning,

I'm trying at the moment to adapt what we already have set up for authenticating IPsec VPNs. Currently, below is how this is set up.

We would like to add ACLs based on which 3rd party company is dialing in. I understand how to do this with local usernames but not when talking to AD.

Sorry if this is unclear, thanks in advance. The tunnel group names are different for each company, but again not sure where I'd add this filter.

Thanks

S

Service Selection

Protocol: match Radius

NDG:Device Type in All Device Types:Firewall

NDG:Location Any

Device IP Address: x.x.x.x

End Station: Filter Any

Service: VPNAccess

VPNAccess

IdentitySource: OTPthenAD (Using OTP server and AD Groups)

Standard Policy

Rule 1

Name Staff

Compound Condition AD-AD1: StaffGroup

Permit Access

Rule 2

Name Staff

Compound Condition AD-AD1: 3rdParty

Permit Access


1 REPLY

ACS 5.1 VPN/ACL problems

I have finally resolved this. The issue was the ASA v8.0 was not passing the Tunnel Group Name. Upgrading the ASA to 8.4 resolved this.