10-13-2010 10:48 AM
Is it possible to use a Downloadable ACL from the ACS for a WebVPN?
10-18-2010 05:12 AM
Hi Eric.
Yes, it's possible:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1778634
Regards,
Fadi.
10-21-2010 07:52 AM
Thanks for the response, Fadi.
One of the things we're hoping to do is to create a "shared" Web ACL. On the ACS you can create "Downloadable IP ACLs" but from there you can't do Web ACLs. So it sounds like for each individual user we'd have to go in and enter the Web ACL manually. Does that make sense? Do you know if there's a way to create a shared Web ACL?
10-21-2010 07:55 AM
I did see that there's a way to create Web ACLs under the Dynamic Access Policies in the ASDM. However, that's only for all-permit or all-deny entries. We'd like to have entries that filter on specific URLs.
10-21-2010 12:11 PM
Indeed, DAP WebVPN ACLs won't work if you mix deny and permit. Also, ACS downloadable access lists only support IP ACLs, not WebVPN.
To save time on configuring this for every user, you can group the same type of users under a group and apply the WebVPN ACL at the group level.
Hope this helps.
Regards,
Fadi.