
Is it possible for ACS dACL to utilize the Network Object Groups from the ASA?

seanr1701
Level 1

I'm creating a number of new downloadable ACLs (dACLs) for a new ACS deployment. Instead of looking up each object group inside the ASA and then typing it manually into ACS, will Cisco ACS recognize the object groups that already exist on the ASA? Specifically, will it recognize the network object group name?

Otherwise, this looks like a long, manual process.  Thanks in advance,

-Sean

1 Reply

Rohan Padwal
Level 1

Hello Sean,

The dACLs are downloaded from the authentication server, in your case ACS. The ASA doesn't reference the ACL from the running config on it; it will directly apply the ACL which is pushed from the ACS, so you will have to manually add the ACLs to the ACS. You can copy and paste the ACLs without the object groups. I can understand this might be tricky. To make things easy, you can copy the ACL from the ASA by using the `sh access-list` command and paste the individual access-list entries into the ACS. ;)

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113449-asa-vpn-acs-00.html#dacl

#Rohan
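
The copy step described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads `show access-list` output, keeps the expanded entries the ASA prints under each object-group rule, and strips the `access-list <name> line N extended` prefix and counters. The sample output and the function name `dacl_entries` are constructed for illustration, and it is an assumption that your ACS version takes dACL entries starting at `permit`/`deny`.

```python
import re

# Constructed sample of `show access-list` output; names, addresses and hashes are made up.
SAMPLE = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list VPN_USERS; 4 elements; name hash: 0x1a2b3c4d
access-list VPN_USERS line 1 remark web servers
access-list VPN_USERS line 2 extended permit tcp any object-group WEB_SERVERS eq www (hitcnt=12) 0x0a0b0c0d
  access-list VPN_USERS line 2 extended permit tcp any host 192.0.2.10 eq www (hitcnt=7) 0x11111111
  access-list VPN_USERS line 2 extended permit tcp any host 192.0.2.11 eq www (hitcnt=5) 0x22222222
access-list VPN_USERS line 3 extended deny ip any any (hitcnt=0) 0x33333333
"""

# One ACE line: optional indent (expanded entry), ACL name, line number, the rule, counters.
ACE = re.compile(
    r"^(?P<indent>\s*)access-list\s+(?P<name>\S+)\s+line\s+(?P<line>\d+)\s+extended\s+"
    r"(?P<ace>.+?)\s*(?:\(hitcnt=\d+\))?\s*(?:0x[0-9a-fA-F]+)?\s*$"
)
OBJ_REF = re.compile(r"\bobject(?:-group)?\s")  # rule still refers to an ASA-local object


def dacl_entries(show_output, acl_name):
    """Return the object-free rules of acl_name, in order, without ASA prefix or counters."""
    entries, pending = [], {}  # pending: ACL line number -> rule awaiting its expansion
    for raw in show_output.splitlines():
        m = ACE.match(raw)
        if not m or m["name"] != acl_name or "(inactive)" in raw:
            continue  # headers, remarks, other ACLs, disabled rules
        ace, line_no = m["ace"], int(m["line"])
        if OBJ_REF.search(ace):
            pending[line_no] = ace  # ACS cannot resolve this name; wait for expanded lines
            continue
        if m["indent"]:
            pending.pop(line_no, None)  # expansion of a pending object-group rule
        entries.append(ace)
    if pending:
        # Refuse to emit a dACL that silently lost a rule (for example a deny).
        raise ValueError(f"no expanded entries for ACL lines {sorted(pending)}")
    return entries


if __name__ == "__main__":
    print("\n".join(dacl_entries(SAMPLE, "VPN_USERS")))
```

Compare the number of entries returned with the element count in the ACL header before pasting, since a rule lost in translation changes what the dACL permits.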