Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
708
Views
0
Helpful
2
Replies

Problems dyn. Filters CSACS / VPN Concentrator Radius AV Pair

torsten.schulz
Level 1
Level 1

‎12-15-2004 12:58 AM - edited ‎03-10-2019 01:56 PM

I've tried to implement dynamic Filters on dynamic IPSEC Tunnels, terminating on a VPN 30xx Concentrator.

The Configuration followed Chapter 14 of the VPN 3000 Reference Volume II.

Unfortunely is no dynamic Filter downloaded to the Concentrator during Authentication.

(FILTERDBG event are not shown)

(CSACS 3.1/VPN30xx Rel. 4.1.7B)

Has anyone already setup such an enviroment?

Is this eventually Version depending problem ?

Any Ideas?

Labels:
0 Helpful
2 Replies 2

owillins
Level 6
Level 6

‎12-21-2004 07:22 AM

The ACLs can be downloaded on an external RADIUS server, such as Cisco Secure ACS, rather than on the VPN Concentrator. Here is the reference material to download ACLs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a00801f1da1.html

0 Helpful

torsten.schulz
Level 1
Level 1
In response to owillins

‎12-21-2004 09:04 AM

Thank's for the reference, but this was not my problem.

I' ve configured "cisco-av-pairs" on my ACS Server, but they were not dynamicly downloaded to the concentrator during User Authentication.

It does not work like it was documented.

Looking around I found a Fix to implement such a Function using "dyn. PIX - ACLs" and implementing a Registry Patch on my ACS Server

(wich was announced as a BUGFIX when upgrading from ACS 3.2x to ACS 3.3x).

After that Registry Hack "dyn. PIX-ACLs" are working on ACS 3.1 with VPN3xxx too.

!! But not Cisco-AV-Pairs.!!!

0 Helpful
Customers Also Viewed These Support Documents