Downloadable ACL for VPN Users. ACS 4.1 & 1841 Router

central_bank
Level 1

Hi,

I have configured an 1841 router as a VPN server. All VPN users are getting authenticated using RADIUS in ACS 4.1.

I need to apply per-user downloadable ACL.

I have configured ACS for the downloadable ACL. Even the ACS report activity shows that the ACL is applied to the authenticated user, but the traffic is not blocked or passed accordingly.

Accepted Solutions

Bastien Migette
Cisco Employee

What is your configuration?

I think the easiest way to do it is to use IPsec VTI interfaces, along with aaa authorization network, and on the RADIUS server, use ip:inacl in the cisco av-pair, like:

ip:inacl#1=permit tcp any any eq 80

ip:inacl#2=permit tcp any any eq 443

...

Some documentation:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1090634
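
Added example, not part of the original reply or of Cisco's documentation: a sketch of the router side of the approach described above, binding RADIUS method lists to an ISAKMP profile that clones a virtual-template tunnel interface for each client. All names (VPN-AUTHEN, VPN-AUTHOR, VPN-GROUP, VPN-RA, VPN-TS, VTI-PROF) and FastEthernet0/0 are placeholders, and it assumes the ISAKMP policy, transform set, client group, address pool and RADIUS server definition from the already working VPN setup are in place.

```cisco
! Added sketch; every name below is a placeholder.
aaa new-model
! XAUTH user authentication against RADIUS (ACS)
aaa authentication login VPN-AUTHEN group radius
! Network authorization method list referenced by the ISAKMP profile
aaa authorization network VPN-AUTHOR group radius
!
crypto isakmp profile VPN-RA
 ! VPN-GROUP stands for the existing Easy VPN client group name
 match identity group VPN-GROUP
 client authentication list VPN-AUTHEN
 isakmp authorization list VPN-AUTHOR
 client configuration address respond
 ! Each client session gets a Virtual-Access interface cloned from this template
 virtual-template 1
!
crypto ipsec profile VTI-PROF
 ! VPN-TS stands for the transform set already defined on the router
 set transform-set VPN-TS
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
```

With a client connected, `debug radius` shows which AV pairs the router received in the Access-Accept, and `show ip interface` on the cloned Virtual-Access interface shows whether an inbound access list is attached to it.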

Hi,

Thanks for your reply.

Solution given by you works......:-)