VPN filter per remote access user (via ACS)?

hiepnguyenho
Level 1

Hello everyone,

I'm deploying IPSec Remote Access VPN for my company. I have Cisco ASA 5540 (8.0.4) and Cisco Secure ACS. I have successfully configured the system with authentication by ACS.

The question is, I want to apply a filter policy per user. I know that there's a method called vpn-filter. If I use local authentication, I can apply an ACL to the user attributes.

e.g.

access-list 103 extended permit tcp 10.1.49.2 255.255.255.0 host 10.1.1.10 eq 3389

username testvpn attributes

vpn-filter value 103

But users are configured on ACS, so how can I apply a vpn-filter policy to the user? I don't really want to apply vpn-filter to the group-policy.

Please help me to find a method. Thank you very much.

Regards,

Hiep Nguyen.

1 Accepted Solution


Maykol Rojas
Cisco Employee

Hi,

I think this is what you are looking for

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml

You will need to set up the IETF like this

filter-id=acl_name

There is a good example right there (better than mine); let me know how it goes.

Mike
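
A configuration sketch of the Filter-Id approach from the answer above, added as an example and not part of the original post or the linked Cisco document. The names VPN-USER-RDP, ACS-RADIUS and RA-VPN, the server address 192.0.2.10 and the 10.1.49.0/24 client pool are assumptions for illustration.

```cisco
! --- ASA (8.0.x syntax). All names and addresses below are assumed. ---
! The per-user ACL lives on the ASA; RADIUS only returns its name.
! Source = VPN client pool (assumed 10.1.49.0/24), destination = inside host.
access-list VPN-USER-RDP extended permit tcp 10.1.49.0 255.255.255.0 host 10.1.1.10 eq 3389

! RADIUS server group pointing at ACS (already present if ACS
! authentication is working for the tunnel group).
aaa-server ACS-RADIUS protocol radius
aaa-server ACS-RADIUS (inside) host 192.0.2.10
 key <shared-secret>

tunnel-group RA-VPN general-attributes
 authentication-server-group ACS-RADIUS

! --- ACS, in the user's IETF RADIUS attributes ---
!   [011] Filter-Id = VPN-USER-RDP
! The value must match the ACL name configured on the ASA exactly.

! --- Check after the user reconnects ---
show vpn-sessiondb detail remote
show access-list VPN-USER-RDP
```

A user for whom ACS returns no Filter-Id gets whatever vpn-filter the group-policy defines, or none, so confirm the filter on a live session for each user who is meant to be restricted.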

3 Replies

Thanks Mike, that's exactly what I'm looking for. I created a downloadable ACL and assigned it to the user and it works great. Now I have per-user policy for remote access VPN.

Yay!

I was working with a couple of VPN labs and I saw that one.... I am glad that fits for you.

Mike
