Beginner

Downloadable ACL for VPN Users. ACS 4.1 & 1841 Router

Hi,

I have configured an 1841 router as a VPN server. All VPN users are getting authenticated using RADIUS in ACS 4.1.

I need to apply per-user downloadable ACL.

I have configured ACS for the Downloadable ACL. Even the ACS report activity shows that the ACL is applied to the authenticated user, but the traffic is not blocked or passed accordingly.

1 ACCEPTED SOLUTION

Cisco Employee

Re: Downloadable ACL for VPN Users. ACS 4.1 & 1841 Router

What is your configuration?

I think the easiest way to do it is to use IPsec VTI interfaces, along with aaa authorization network, and on the RADIUS server, use ip:inacl in the cisco av-pair, like

ip:inacl#1=permit tcp any any eq 80

ip:inacl#2=permit tcp any any eq 443

...

Some documentation:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1090634
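
An added example, not part of the original reply and not Cisco code: a Python check that parses ip:inacl av-pairs of the form shown above, orders them by sequence number, and reports which flows they allow before the implicit deny. It assumes only the `permit|deny <proto> any any [eq <port>]` subset of ACL syntax; the function names and sample flows are constructed for illustration.

```python
import re

# Constructed sample: the two av-pairs from the reply, deliberately out of order.
SAMPLE_AVPAIRS = [
    "ip:inacl#2=permit tcp any any eq 443",
    "ip:inacl#1=permit tcp any any eq 80",
]

# Only the ACE subset used on this page is accepted (assumption of this example).
AVPAIR_RE = re.compile(
    r"^ip:inacl#(\d+)=(permit|deny)\s+(ip|tcp|udp|icmp)\s+any\s+any(?:\s+eq\s+(\d+))?$"
)

def parse_inacl(avpairs):
    """Return ACEs as (seq, action, proto, port) tuples sorted by sequence number."""
    aces, seen = [], set()
    for raw in avpairs:
        m = AVPAIR_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported or malformed av-pair: {raw!r}")
        seq, action, proto, port = int(m[1]), m[2], m[3], m[4]
        if seq in seen:
            raise ValueError(f"duplicate sequence number {seq}")
        if port is not None and (proto not in ("tcp", "udp") or int(port) > 65535):
            raise ValueError(f"invalid port match in: {raw!r}")
        seen.add(seq)
        aces.append((seq, action, proto, int(port) if port else None))
    return sorted(aces)

def evaluate(aces, proto, dst_port=None):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for seq, action, ace_proto, ace_port in aces:
        if ace_proto not in ("ip", proto):
            continue
        if ace_port is not None and ace_port != dst_port:
            continue
        return action, seq
    return "deny", None  # implicit deny that ends every IOS access list

if __name__ == "__main__":
    acl = parse_inacl(SAMPLE_AVPAIRS)
    # Constructed test flows: web traffic plus two flows the ACL should drop.
    for proto, port in [("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 53)]:
        print(proto, port, evaluate(acl, proto, port))
```

Running the same check against the attributes logged by the RADIUS server helps separate an ACL that was authored wrongly from one that was never applied to the user's session.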

Beginner

Re: Downloadable ACL for VPN Users. ACS 4.1 & 1841 Router

Hi,

Thanks for your reply.

Solution given by you works......:-)