11-01-2011 09:00 PM - edited 02-21-2020 05:41 PM
Hello everyone,
I'm deploying IPSec Remote Access VPN for my company. I have Cisco ASA 5540 (8.0.4) and Cisco Secure ACS. I have successfully configured the system with authentication by ACS.
The question is, I want to apply a filter policy per user. I know that there's a method called vpn-filter. If I use local authentication, I can apply an ACL to the user attributes.
e.g.
access-list 103 extended permit tcp 10.1.49.2 255.255.255.0 host 10.1.1.10 eq 3389
username testvpn attributes
 vpn-filter value 103
But the users are configured on ACS, so how can I apply a vpn-filter policy to a user? I don't really want to apply vpn-filter to the group-policy.
Please help me to find a method. Thank you very much.
Regards,
Hiep Nguyen.
11-02-2011 11:17 PM
Hi,
I think this is what you are looking for
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml
You will need to set up the IETF attribute like this:
filter-id=acl_name
There is a good example right there (better than mine). Let me know how it goes.
Mike
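An added example, not part of the original posts or of the linked Cisco document: a sketch of the ASA side of the Filter-Id approach described above. The ACL name, server-group name, tunnel-group name, server address and key are placeholders, and the 10.1.49.0/24 client pool is an assumption; only host 10.1.1.10 and port 3389 come from the question.

```cisco
! Constructed example for ASA 8.0.x; names and addresses are placeholders.
!
! 1. Define the filter ACL locally on the ASA. In a vpn-filter ACL the remote
!    (VPN client) side is always written as the source and the protected
!    inside resource as the destination. Anything not permitted is dropped
!    by the implicit deny at the end of the ACL.
access-list VPN_TESTVPN extended permit tcp 10.1.49.0 255.255.255.0 host 10.1.1.10 eq 3389
!
! 2. Point the remote-access tunnel group at the ACS server over RADIUS.
aaa-server ACS-RADIUS protocol radius
aaa-server ACS-RADIUS (inside) host 192.0.2.10
 key EXAMPLE-SHARED-SECRET
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group ACS-RADIUS
!
! 3. On ACS (not ASA CLI), in the user's IETF RADIUS attributes, return:
!      [011] Filter-Id = VPN_TESTVPN
!    The value must match the ACL name defined on the ASA exactly. No
!    "username ... attributes / vpn-filter" entry is needed on the ASA.
!
! 4. After the user connects, check which filter the session received:
show vpn-sessiondb detail remote
```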
11-03-2011 12:52 AM
Thanks Mike, that's exactly what I'm looking for. I created a downloadable ACL and assigned it to the user, and it works great. Now I have a per-user policy for remote access VPN.
11-03-2011 01:18 AM
Yay!
I was working with a couple of VPN labs and I saw that one.... I am glad that fits for you.
Mike