07-11-2018 11:30 PM
Hi All,
Would it be possible to return an ACL name to be used as 'VPN Filter'?
I know it is possible to return a DACL or Group policy, but I want to return the name of an ACL that is configured on the ASA to be used as the VPN Filter.
Using 'ACL (Filter-ID)' in the authorisation profile does not seem to work.
Thanks for your help!
07-12-2018 08:05 AM
07-12-2018 11:22 AM
Hi Craig,
Originally I tried the filter ID, using the "ACL (Filter-ID)" field in the authorization profile.
This resulted in the following entry:
Access Type = ACCESS_ACCEPT
Filter-ID = MYACLNAME.in
ISE automatically adds the ".in" after the ACL name, resulting in not even passing authentication on AnyConnect.
Just a side question: Why the ".in"?
When I manually added the Radius:Filter-ID [11] it works like a charm!
Access Type = ACCESS_ACCEPT
Filter-ID = MYACLNAME
07-12-2018 12:51 PM
The .in is a directive for an "Inbound" ACL and would be interpreted correctly by a wired switch. Since the ASA is not accepting it, adding it under Advanced attributes to avoid any undesired extensions is the correct option.
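
Added example, not part of the thread and not Cisco code: a Python check that extracts Filter-Id (RADIUS attribute 11) from an Access-Accept and compares it with the ACL names configured on the ASA, flagging the ".in" suffix case discussed above. The packets and the ACL name set are constructed for illustration, and exact, case-sensitive name matching is an assumption.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # RADIUS attribute type for Filter-Id (RFC 2865)

def build_access_accept(filter_id: str, ident: int = 1) -> bytes:
    """Constructed Access-Accept carrying one Filter-Id (authenticator zeroed)."""
    value = filter_id.encode("ascii")
    attr = bytes([FILTER_ID, len(value) + 2]) + value
    header = struct.pack("!BBH16s", ACCESS_ACCEPT, ident, 20 + len(attr), bytes(16))
    return header + attr

def filter_ids(packet: bytes) -> list[str]:
    """Return every Filter-Id value found in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        # Attribute length covers the type and length bytes as well.
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == FILTER_ID:
            found.append(packet[pos + 2:pos + alen].decode("ascii", "replace"))
        pos += alen
    return found

def audit(packet: bytes, asa_acls: set[str]) -> list[tuple[str, str]]:
    """Classify each Filter-Id against the ACL names configured on the ASA."""
    results = []
    for name in filter_ids(packet):
        if name in asa_acls:                       # exact match (assumed rule)
            results.append((name, "ok"))
        elif name.endswith(".in") and name[:-3] in asa_acls:
            results.append((name, "suffix-mismatch"))  # ISE-appended ".in"
        else:
            results.append((name, "unknown-acl"))
    return results

if __name__ == "__main__":
    acls = {"MYACLNAME"}  # constructed: ACL names present on the ASA
    for fid in ("MYACLNAME.in", "MYACLNAME"):
        print(audit(build_access_accept(fid), acls))
```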