Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1752
Views
0
Helpful
2
Replies

Multiple downloadable ACLs per user group in ACS

Go to solution
CSCO11496083
Beginner
Beginner

‎05-24-2012 02:31 PM - edited ‎03-10-2019 07:07 PM

Is it possible to map multiple downloadable ACLs to a single user or user group using ASA and ACS?

For example, you have an ACL controlling access to servers (ACL A), and another ACL controlling access to internet (ACL B). Is it possible to assign multiple ACLs to a user group, such that User Group A can only access servers, while User Group B can access both servers and internet (ACL A+ ACL B)?

Thanks and regards.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎05-24-2012 05:04 PM

George,

The User and group settings would only allow you to select only one DACL instance at a time.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#configuringtheserverwitfddhias

Regards,

Jatin

Do rate helpful posts-

~Jatin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎05-24-2012 05:04 PM

George,

The User and group settings would only allow you to select only one DACL instance at a time.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#configuringtheserverwitfddhias

Regards,

Jatin

Do rate helpful posts-

~Jatin
0 Helpful

Go to solution
CSCO11496083
Beginner
Beginner
In response to Jatin Katyal

‎06-04-2012 09:39 AM

Ok,

I created multiple authorization profiles (each with a DACL) and attach it to an access policy result. However, only the DACL in the first authorization profile is picked. So the answer is simply, it's not possible.

Thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents