cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2914
Views
11
Helpful
3
Replies

ASA Anyconnect return ACL/VPN Filter

Hi All,

Would it be possible to return a ACL name to be used as 'VPN Filter'?

I know it is possible to return a DACL or Group policy, but I want to return the name of an ACL that is configured on the ASA to be used as the VPN Filter.

Using 'ACL (Filter-ID)' in the authorisation profile does not seem to work.

Thanks for your help!

1 Accepted Solution

Accepted Solutions

The .in is a directive for "Inbound" ACL and would be interpreted correctly by wired switch.  Since ASA not accepting, adding under Advanced attributes to avoid any undesired extensions is correct option.

View solution in original post

3 Replies 3

Hi Craig,

Originally I tried the filter ID, using the "ACL (Filter-ID)" field in the authorization profile.

This resulted on the following entry:

Access Type = ACCESS_ACCEPT

Filter-ID = MYACLNAME.in

ISE automatically ads the ".in" after the ACL name, resulting in not even passing authentication on Anyconnect

Just a side question: Why the ".in"?


When I manually added the Radius:Filter-ID [11] it works like a charm!

Access Type = ACCESS_ACCEPT

Filter-ID = MYACLNAME

The .in is a directive for "Inbound" ACL and would be interpreted correctly by wired switch.  Since ASA not accepting, adding under Advanced attributes to avoid any undesired extensions is correct option.