Forum Discussion
F5 APM + Cisco ACS per-user ACL
Hello.
I have BIG-IP APM latest version and Cisco ACS 5.2. I need to implement a scheme where the user, after a successful login through RADIUS, gets a dynamic ACL from ACS (downloadable ACL). How do I do it? For example, if I push any downloadable ACL from ACS, I get this error in the report:
session.radius.last.attr.vendor-specific.1.9.1 is ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe
Common/VPN_ACL: rule1: ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe
2013-06-19 15:31:07 /Common/VPN_ACL: rule1: ^
2013-06-19 15:31:07 /Common/VPN_ACL: rule1: ERR_PARSER_UNSUPPORTED_TOKEN
2013-06-19 15:31:07 Dynamic ACL: parsing errors on '/Common/VPN_ACL' and assigned with discard all entry
How to fix it?
3 Replies
- scorpa_121336
Nimbostratus
If anyone will ever be doing this - the problem is with the second Access-Request. When BIG-IP sends an Access-Request to ACS, it returns an Access-Accept and the name of the downloadable ACL, so after that F5 should send another Access-Request with the name of this ACL and a command to download it, but this behavior is not implemented.
- Vsevolod_Petrov
Cirrostratus
Hi,
I want to implement per-user ACL using ACS 5.5 and BIGIP APM.
Were you able to do this? Or is ACL download still not implemented in BIG-IP?
- mvukusic
Altocumulus
I have the same problem, has anyone been able to implement this successfully?
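An added example (not written by any poster, and not F5 or Cisco code) of the two-step exchange the first reply describes: the value in the question is only a reference to a downloadable ACL, and the rule text arrives in the reply to a second Access-Request. The function names are hypothetical, the follow-up attributes follow Cisco's documented downloadable-ACL behaviour, and the sample reply entries are constructed.

```python
import re

# Prefix ACS uses when the Access-Accept carries only the *name* of a downloadable ACL.
DACL_PREFIX = "ACS:CiscoSecure-Defined-ACL="
# Entries that carry the rule text itself, e.g. ip:inacl#10=permit ...
INLINE_RE = re.compile(r"^ip:(inacl|outacl)#(\d+)=(.+)$")


def classify_avpair(value):
    """Classify one Cisco-AVPair string (vendor 9, type 1) from an Access-Accept."""
    value = value.strip()
    if value.startswith(DACL_PREFIX):
        name = value[len(DACL_PREFIX):]
        if not name:
            raise ValueError("empty downloadable ACL name")
        # A reference is not ACL syntax; handing it to an ACL parser fails.
        return {"kind": "dacl_reference", "name": name}
    m = INLINE_RE.match(value)
    if m:
        return {"kind": "inline_entry", "direction": m.group(1),
                "seq": int(m.group(2)), "rule": m.group(3)}
    return {"kind": "other", "raw": value}


def followup_request_attrs(dacl_name):
    """Attributes a dACL-capable RADIUS client sends in the second Access-Request."""
    return {
        "User-Name": dacl_name,  # the ACL name is used as the user name
        "Cisco-AVPair": ["aaa:service=ip_admission", "aaa:event=acl-download"],
    }


def collect_rules(avpairs):
    """Return the rule text from the second Access-Accept, ordered by sequence number."""
    entries = [classify_avpair(v) for v in avpairs]
    inline = [e for e in entries if e["kind"] == "inline_entry"]
    return [e["rule"] for e in sorted(inline, key=lambda e: e["seq"])]


if __name__ == "__main__":
    # Value taken from the session variable quoted in the question.
    first = classify_avpair("ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe")
    print(first)
    print(followup_request_attrs(first["name"]))
    # Constructed reply to the second request (not from the thread).
    print(collect_rules(["ip:inacl#2=deny ip any any",
                         "ip:inacl#1=permit tcp any host 192.0.2.10 eq 443"]))
```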