10-15-2018 06:54 AM
ISE version 2.2.0.470
I am trying to build new dACLs for my VPN users and it doesn't seem to be working, and I know it's the dACL because when I revert back to the old dACL my VPN is successful. When I try to hit the VPN with the new dACL I get a login failed.
Old dACL:
remark allow newcitrix
remark aws
remark allow okta
permit ip any 10.81.0.0 255.255.0.0
remark Allow ping
remark BNA Server Networks
remark BNA DMZ
remark BNA Workstation Networks
remark Business Park Workstation Networks
remark BNA Lab Networks
remark CPI MIdway
remark CPI Corporate
remark Block all other internal requests
remark Allow INET

New dACL:
remark IT User Access
remark Lab Access
remark Deny Internal Segments
remark Allow INET
The check syntax checks out on the dACL page after checking for syntax errors.
Does anyone see anything weird between the two?
10-15-2018 07:33 AM
I think subnet mask on third line is incorrect:
permit ip any 192.168.1.0 255.255.0.0 -> permit ip any 192.168.1.0 255.255.255.0
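The address/mask mismatch pointed out in this reply can be checked mechanically before a dACL is pushed. The following is an added example, not part of the thread and not Cisco tooling: the function names are hypothetical, and the sample dACL is constructed from the two permit lines quoted on this page plus filler entries.

```python
import ipaddress

# Constructed sample: line 2 is from the original post, line 3 from the reply.
SAMPLE = """\
remark allow okta
permit ip any 10.81.0.0 255.255.0.0
permit ip any 192.168.1.0 255.255.0.0
permit ip any 192.168.1.0 255.255.255.0
deny ip any 10.0.0.0 255.0.0.0
permit ip any any"""


def _parse_pair(addr_tok, mask_tok):
    """Return (address, mask) if the two tokens form an address/netmask pair."""
    try:
        addr = ipaddress.IPv4Address(addr_tok)
        mask = ipaddress.IPv4Address(mask_tok)
    except ValueError:
        return None
    inverted = ~int(mask) & 0xFFFFFFFF
    # A subnet mask is contiguous ones followed by zeros, so its inverse
    # must have the form 2**n - 1.
    if inverted & (inverted + 1):
        return None
    return addr, mask


def misaligned_entries(dacl_text):
    """List (line_no, address, mask, covered_network) for every ACE operand
    whose address has bits set outside its subnet mask."""
    findings = []
    for line_no, line in enumerate(dacl_text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # remarks and blank lines carry no addresses
        i = 1
        while i < len(tokens) - 1:
            pair = _parse_pair(tokens[i], tokens[i + 1])
            if pair is None:
                i += 1
                continue
            addr, mask = pair
            if int(addr) & ~int(mask) & 0xFFFFFFFF:
                covered = ipaddress.IPv4Address(int(addr) & int(mask))
                findings.append((line_no, str(addr), str(mask), str(covered)))
            i += 2
    return findings


if __name__ == "__main__":
    for line_no, addr, mask, covered in misaligned_entries(SAMPLE):
        print(f"line {line_no}: {addr} {mask} has host bits set (mask covers {covered})")
```

The last field of each finding is the network the mask actually covers, which shows how much wider the entry is than the address suggests.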