03-07-2011 01:57 AM - edited 03-10-2019 05:53 PM
Hi,
I have configured an 1841 router as a VPN server. All VPN users are authenticated using RADIUS in ACS 4.1.
I need to apply a per-user downloadable ACL.
I have configured ACS for the downloadable ACL. The ACS activity report even shows that the ACL is applied to the authenticated user, but the traffic is not blocked or passed accordingly.
03-09-2011 01:55 AM
What is your configuration?
I think the easiest way to do it is to use IPsec VTI interfaces, along with aaa authorization network, and on the RADIUS server use ip:inacl in the cisco av-pair, like
ip:inacl#1=permit tcp any any eq 80
ip:inacl#2=permit tcp any any eq 443
...
Some documentation:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1090634
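A sketch of the router side of the setup this reply describes, added here as an illustration and not taken from either poster's router. Every name (VPN-XAUTH, VPN-AUTHZ, VPNGROUP, RA-PROFILE, RA-TS, RA-VTI), the interface, the server address and the key placeholder are assumptions.

```cisco
! Added example; all names, addresses and the key placeholder are assumptions.
aaa new-model
aaa authentication login VPN-XAUTH group radius
aaa authorization network VPN-AUTHZ group radius
!
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <RADIUS-SHARED-SECRET>
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
! Assumption: the group policy for VPNGROUP (key, address pool) is also
! served by the RADIUS server through the VPN-AUTHZ list.
crypto isakmp profile RA-PROFILE
 match identity group VPNGROUP
 client authentication list VPN-XAUTH
 isakmp authorization list VPN-AUTHZ
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set RA-TS esp-aes esp-sha-hmac
!
crypto ipsec profile RA-VTI
 set transform-set RA-TS
!
! Each client gets its own Virtual-Access interface cloned from this
! template, which gives the per-user ACL an interface to attach to.
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile RA-VTI
!
! RADIUS user profile (cisco-av-pair), as given in the reply:
!   ip:inacl#1=permit tcp any any eq 80
!   ip:inacl#2=permit tcp any any eq 443
!
! Checks once the user is connected:
!   show ip interface Virtual-Access<n>   (an inbound access list should be set)
!   show ip access-lists                  (per-user entries and hit counters)
!   debug radius                          (confirms the av-pairs arrive in the Access-Accept)
```

An ACL built from ip:inacl entries ends in the usual implicit deny, so anything the user needs beyond the listed ports must be permitted explicitly.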
03-10-2011 03:52 AM
Hi,
Thanks for your reply.
The solution given by you works... :-)