10-25-2022 09:55 AM
Hi,
I have a scenario where ISE controls VPN access from an ASA.
Each user belongs to a certain AD group, and I want to configure different Authorization Profiles based on membership.
Those profiles push dACL to the client.
My question is if it's possible for a client to receive more than one dACL.
I have several ACLs that are common to everyone (like DNS resolution, or AD authentication).
I tried to add more than one Profile on the Authorization Profile in the Policy Set, but it seems that only one gets pushed.
Thanks in advance for any help.
10-25-2022 10:04 AM
@mjrduarte only one DACL would be applied to a session. You'd have to create additional DACLs that combine all the rules that you want to apply.
10-25-2022 10:05 AM
I never tested it but I am pretty sure that this is the expected behaviour. You need to build "complete" ACLs for each context.
10-25-2022 10:12 AM
That's... A lot of work...
Thank you for your help.
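
An added example, not part of the original thread: since only one dACL applies per session, the shared rules can be kept in one place and a complete dACL generated for each AD group. The group names, addresses and rules are constructed sample values, and the output is plain ACE text to paste into each dACL definition.

```python
# Added example: compose one complete dACL per AD group from a shared base.
# All group names, addresses and rules below are constructed sample values.

COMMON = [  # rules every VPN user needs (DNS, AD authentication)
    "permit udp any host 10.0.0.10 eq 53",
    "permit tcp any host 10.0.0.10 eq 88",
    "permit tcp any host 10.0.0.10 eq 389",
]

GROUP_RULES = {
    "VPN-Finance": ["permit tcp any host 10.1.20.5 eq 443"],
    "VPN-IT": [
        "permit tcp any 10.1.0.0 255.255.0.0 eq 22",
        "permit udp any host 10.0.0.10 eq 53",  # duplicate of a common rule
    ],
}

CATCH_ALL = {"permit ip any any", "deny ip any any"}
FINAL = "deny ip any any"


def build_dacl(common, specific, final=FINAL):
    """Return the ordered ACE list for one complete dACL.

    ACLs are first-match, so common rules go first, group rules next and
    the catch-all last. Exact duplicates are dropped, and a catch-all
    anywhere but the end is rejected because it would shadow later rules.
    """
    seen, merged = set(), []
    for ace in list(common) + list(specific):
        ace = " ".join(ace.split())  # normalise whitespace
        if ace in CATCH_ALL:
            raise ValueError(f"catch-all entry before end of ACL: {ace!r}")
        if ace not in seen:
            seen.add(ace)
            merged.append(ace)
    merged.append(final)
    return merged


def build_all(common, group_rules):
    """Map each group to the text to paste into its dACL definition."""
    return {g: "\n".join(build_dacl(common, r)) for g, r in group_rules.items()}


if __name__ == "__main__":
    for group, text in build_all(COMMON, GROUP_RULES).items():
        print(f"--- {group} ---\n{text}\n")
```

Changing a common rule then means editing `COMMON` once and regenerating every group's dACL.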