I'm having some issues with a downloadable ACL on an ASA and ACS4.2.
I have the authentication on the ASA configured and the ACL gets pushed down
just fine. I want the ASA to process the downloaded ACL for the user and
then process the ACL on the incoming interface. Seems simple enough; as I
understand it, that's the default operation.
This is what i'm currently seeing. I have a host on the inside of the ASA
which, before authenticating, can ping a host on the outside of the ASA. I
see counters on the interface ACL increment when he pings, I get a response,
everything is peachy. Once that user authenticates I can pass all the
traffic permitted in the downloadable ACL and I still see the counters in
the interface ACL increment, but I don't get a response from the traffic that
passes on the interface ACL.
Anyone familiar with this?
Thanks
Jason
Received on Tue Apr 07 2009 - 09:45:01 ART