04-18-2011 10:00 AM - edited 03-10-2019 06:00 PM
Hello everyone,
I have a problem and a really short deadline, and the stuff that I downloaded from the net did not help me much, or needs at least a few weeks to study. So please help me.
I have ACS 5.2 and ASA 5520 which I use as VPN server.
How can I configure downloadable ACLs that would affect different groups of VPN users?
I managed to make an ACL, but I am not sure how to apply it to a group of users.
To make the question simpler, if I make a VPN connection to the ASA, how can I deny myself access to some parts of the network (using ACS)?
Is there any document that explains configurations of both ASA and ACS 5.2 in that case?
Thanks in advance,
Pera
04-21-2011 05:46 PM
Hello,
There are 2 ways to do it. You can restrict based on group policy or using DACL.
I suggest DACL.
Under the access service and authorization you have to create a policy that will match the user group or IP or whatever you want to filter.
Once you select what you want for authorization filtering you have to select the authorization profile that you want to apply to that policy.
Under common tasks of authorization policy you can select the DACL that you already created.
Hope this makes sense. If not feel free to contact me at any time.
Erick Delgado
Cisco CSE
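A sketch of what the two sides of the setup described in the answer above could contain, as an added example that is not part of the original posts or Cisco's own documentation. The server group name, tunnel group name, interface name, addresses and subnets are constructed placeholders, and the shared secret is left as a placeholder.

```text
! --- Downloadable ACL content, entered in the DACL object on ACS 5.2 ---
! (These "!" lines are annotation for this example, not DACL content.)
! Source "any" is the VPN client; the destination is the protected network.
! Constructed subnet 10.10.20.0/24 stands for the part of the network to block.
deny ip any 10.10.20.0 255.255.255.0
permit ip any any

! --- ASA 5520 side: authenticate VPN users against ACS over RADIUS ---
! The DACL is referenced in the RADIUS reply and downloaded by the ASA;
! no access-list has to be defined locally on the ASA for it.
aaa-server ACS52 protocol radius
aaa-server ACS52 (inside) host 192.0.2.10
 key <shared-secret>
tunnel-group VPN-USERS general-attributes
 authentication-server-group ACS52

! --- Check after a user from the restricted group connects ---
! A downloaded ACL shows up with a name beginning #ACSACL#-IP-
show access-list
```

Order matters in the DACL: the specific deny has to come before the broad permit, and anything not matched by an entry is dropped by the implicit deny at the end.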
04-24-2011 01:15 AM
Thank you,
I needed a step-by-step explanation, as 5.2 is nothing like any earlier version.
I will try that and let you know.
Thanks.
04-25-2011 05:21 AM