Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
5
Helpful
3
Replies

ISE - Multiple dACL

Go to solution
mjrduarte
Level 1
Level 1

‎10-25-2022 09:55 AM

Hi,

I have a scenario where ISE controls VPN access from a ASA.
Each user belongs to a certain AD group, and I want to configure different Authorization Profiles based on membership.
Those profiles push dACL to the client.

My question is if it's possible for a client to receive more than one dACL.
I have several ACLs that are common to everyone (like DNS resolution, or AD authentication).
I tried to add more than one Profiles on the Authorization Profile in the Policy Set, but it seems that only one gets pushed.

Thanks in advance for any help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-25-2022 10:04 AM

@mjrduarte only one DACL would be applied to a session. You'd have to create additional DACLs that combine all the rules that you want to apply.

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎10-25-2022 10:04 AM

@mjrduarte only one DACL would be applied to a session. You'd have to create additional DACLs that combine all the rules that you want to apply.

Go to solution
Karsten Iwen
VIP
VIP

‎10-25-2022 10:05 AM

I never tested it but I am pretty sure that this is the expected behaviour. You need to build "complete" ACLs for each context.

0 Helpful

Go to solution
mjrduarte
Level 1
Level 1
In response to Karsten Iwen

‎10-25-2022 10:12 AM

That's... A lot of work...
Thank you for your help.

0 Helpful
Customers Also Viewed These Support Documents