
ACS 5.2 and ASA VPN users

in_hiding
Level 1

Hello everyone,

I have a problem and a really short deadline, and the stuff that I downloaded from the net did not help me much, or would need at least a few weeks to study. So please help me.

I have ACS 5.2 and ASA 5520 which I use as VPN server.

How can I configure downloadable ACLs that would affect different groups of VPN users?

I managed to make an ACL, but I am not sure how to apply it to a group of users.

To make the question simpler, if I make a VPN connection to the ASA, how can I deny myself access to some parts of the network (using ACS)?

Is there any document that explains the configuration of both ASA and ACS 5.2 in that case?

Thanks in advance,

Pera

3 Replies

Erick Delgado
Level 1

Hello,

There are 2 ways to do it. You can restrict based on group policy or using DACL.

I suggest DACL.

Under the access service and authorization you have to create a policy that will match the user group or IP or whatever you want to filter.

Once you select what you want for authorization filtering you have to select the authorization profile that you want to apply to that policy.

Under common tasks of authorization policy you can select the DACL that you already created.

Hope this makes sense. If not, feel free to contact me at any time.

Erick Delgado

Cisco CSE
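
An added example, not part of the thread or Cisco documentation: the ASA-side configuration that lets the DACL selected in the ACS authorization profile reach VPN users, plus a sample DACL body. The server group name `ACS52`, the connection profile `VPN-USERS`, the interface `inside`, the addresses and the key are all assumed placeholders.

```cisco
! Added example; every name, address and key below is a placeholder.
!
! --- ACS side: body of the downloadable ACL, one ACE per line.
! --- The ASA expects subnet masks here, not wildcard masks.
! --- Constructed sample that blocks one subnet and allows the rest:
!       deny ip any 10.10.20.0 255.255.255.0
!       permit ip any any
!
! --- ASA side: define ACS as a RADIUS server group
! --- (downloadable ACLs are delivered over RADIUS).
aaa-server ACS52 protocol radius
aaa-server ACS52 (inside) host 192.0.2.10
 key <shared-secret>
!
! --- Authenticate the VPN connection profile against that group.
tunnel-group VPN-USERS general-attributes
 authentication-server-group ACS52
!
! --- After a test user connects, confirm the ACL was downloaded:
! --- it is listed with an #ACSACL#- prefix and marked dynamic.
show access-list
```

The shared secret must match the one configured for the ASA's AAA client entry in ACS, otherwise authentication fails before any ACL is sent.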

Thank you,

I needed a step-by-step explanation, as 5.2 is nothing like any earlier version.

I will try that and let you know.

Thanks.

Hello,

Unfortunately, in ACS 5.x the documentation is very limited as it is a new product.

I just created a quick step-by-step using screenshots. If you have any questions, feel free to contact me at any time.

Regards,