06-05-2008 08:26 AM - edited 03-10-2019 03:53 PM
I'm trying to configure a downloadable ACL in ACS for my remote access VPN user.
My concentrator is able to authenticate the user via ACS, but after getting the IP and authenticating, the client is not able to reach anywhere.
I have attached the downloadable ACL configuration that I did on ACS.
I want the remote VPN user to be able to access only the 172.28.31.171, 170 servers, nothing else.
But the client is only able to connect; it can't connect with any of the servers.
06-05-2008 08:34 AM
Wasim,
I would suggest you push the downloadable ACLs via another method. For this you need to configure the attribute [009\001] cisco-av-pair on the ACS server.
The following link talks about how to configure this attribute on the ACS server to push the required ACLs.
Regards,
~JG
Do rate helpful posts
06-05-2008 03:02 PM
Thanks for the reply, but now it is working for me via the downloadable access-list.
The same configuration that I attached is now working fine for me.
06-09-2008 05:37 AM
I am able to configure the downloadable ACL for the remote access VPN user.
permit ip any host 172.28.65.24
permit ip any host 172.28.65.25
deny ip any any
But when I try to restrict a whole network like this
permit ip any 172.28.65.0 255.255.255.0
permit ip any 172.28.70.0 255.255.255.0
deny ip any any
I am not able to get the results; the user is not even able to connect.
I have tried to do the configuration mentioned in the link, but this is for firewall and IOS, not for the concentrator.
Please tell me how to allow the user to access a particular subnet.
06-09-2008 05:50 AM
Problem solved. Actually I was using a subnet mask in the access-list, but in fact it required a wildcard mask. Now it is working fine.
06-09-2008 05:51 AM
Great.
Thanks for the update
06-09-2008 06:04 AM
Problem solved. I was using a subnet mask, but it required a wildcard mask.
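Added example, not part of the original thread: a small Python check for the mistake resolved above, where a downloadable ACL entry carries a subnet mask (255.255.255.0) although a wildcard mask (0.0.0.255) is required. The function names are hypothetical, the sample lines are taken from the posts above, and the script assumes entries in the "address mask" form shown there; the masks 0.0.0.0 and 255.255.255.255 are left untouched because they are valid in both notations.

```python
import ipaddress

# ACL lines taken from the thread (the subnet form that failed on the concentrator).
SAMPLE_DACL = [
    "permit ip any host 172.28.65.24",
    "permit ip any 172.28.65.0 255.255.255.0",
    "permit ip any 172.28.70.0 255.255.255.0",
    "deny ip any any",
]

def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def looks_like_netmask(mask):
    """True for contiguous 1-bits followed by 0-bits, e.g. 255.255.255.0."""
    m = int(ipaddress.IPv4Address(mask))
    if m in (0, 0xFFFFFFFF):            # valid in both notations: leave alone
        return False
    inv = m ^ 0xFFFFFFFF
    return (inv & (inv + 1)) == 0       # inverse must have the form 0...01...1

def to_wildcard(mask):
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))

def fix_acl_line(line):
    """Return (line with subnet masks inverted to wildcard masks, changed?)."""
    toks, changed, i = line.split(), False, 0
    while i < len(toks) - 1:
        if _is_ipv4(toks[i]) and _is_ipv4(toks[i + 1]):   # "address mask" pair
            if looks_like_netmask(toks[i + 1]):
                toks[i + 1] = to_wildcard(toks[i + 1])
                changed = True
            i += 2
        else:
            i += 1
    return " ".join(toks), changed

def lint_dacl(lines):
    """Return (corrected lines, 1-based numbers of the lines that were changed)."""
    fixed, flagged = [], []
    for n, line in enumerate(lines, 1):
        new, changed = fix_acl_line(line)
        fixed.append(new)
        if changed:
            flagged.append(n)
    return fixed, flagged

if __name__ == "__main__":
    fixed, flagged = lint_dacl(SAMPLE_DACL)
    print("lines using a subnet mask:", flagged)
    print("\n".join(fixed))
```

Running the check over an ACL before pasting it into ACS catches the case where the entry is accepted but never matches the intended subnet.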
01-29-2009 08:05 PM
Hi,
Can you help me?
I got the same matter, but the downloadable ACL doesn't work.
My current devices: Router 2691 (c2691-advsecurityk9-mz.124-9.T5), ACS 4.2, VPN client 4.6.
Thanks for your help.
*aw