I have a ASA5520 [v8.0(4)], to which a remote client using the "cisco VPN client" software connects to. The user is authenticated to an ACS server [v4.0.1], which uses/assigns a Downloadable ACL. So far so good :-) The Remote Client (10.11.12.5) is able to access devices/networks on the "inside" of the ASA5520 through the ACL rules. e.g. permit tcp host 10.11.12.5 10.11.10.0 255.255.255.0 permit tcp host 10.11.12.5 10.11.13.0 255.255.255.0 The problem I am having is with devices on the "internal" networks not being able to initiate a connection "outbound" to the remote client. I have added the following rules to the DACL, but they are never matched, and the default "deny any" at the end of the DACL is matched which generates an Authorization denied message. permit tcp 10.11.10.0 255.255.255.0 host 10.11.12.5 permit tcp 10.11.13.0 255.255.255.0 host 10.11.12.5 Q: Are Downloadable ACL's one-way only ? Q: How do I enable "outbound" access to the VPN Client from "internal" networks/devices ?
... View more