Override, not supplement.
Fred Reimer, CCIE 23812, CISSP 107125
Senior Systems Architect
Coleman Technologies, Inc.
3250 W. Commercial Blvd., Suite 360
Oakland Park, FL 33309
Office: 407-481-8600 x1307
eFAX: 407-284-6681
Cell: 954-298-1697
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Jason Morris
Sent: Tuesday, April 07, 2009 9:45 AM
To: ccielab_at_groupstudy.com
Subject: downloadable ACLs
I'm having some issues with a downloadable ACL on an ASA and ACS4.2. I have the authentication on the ASA configured and the ACL gets pushed down just fine. I want the ASA to process the downloaded ACL for the user and then process the ACL on the incoming interface. Seems simple enough; as I understand it, that's the default operation.
This is what I'm currently seeing. I have a host on the inside of the ASA which, before authenticating, can ping a host on the outside of the ASA. I see counters on the interface ACL increment when he pings, I get a response, everything is peachy. Once that user authenticates I can pass all the traffic permitted in the downloadable ACL and I still see the counters in the interface ACL increment, but I don't get a response from the traffic that passes on the interface ACL.
Anyone familiar with this?
Thanks
Jason
Received on Tue Apr 07 2009 - 09:55:45 ART