Use this attribute in ACS profile - ipsec:inacl=SPLIT_TUNNEL_ACL_NAME

The actual ACL should be defined on the router itself. Only the ACL name is referenced in ACS profile.

Glad I could help :-)

Karthik

On Fri, Sep 7, 2012 at 1:02 PM, Jason Madsen <[email protected]> wrote:

> ahh, thank you. this is very helpful.
>
> one last question...do you know where and how I could apply a Split Tunnel
> ACL to this type of scenario from within ACS? I'm pretty comfortable with
> configuring just about all VPNs inside and out, but I'm actually pretty new
> to ACS. It doesn't seem too bad, but I know I have a lot of things to learn
> in it yet.
>
> Thanks,
> Jason
>
> On Fri, Sep 7, 2012 at 1:29 AM, Karthik sagar <[email protected]> wrote:
>
>> Jason,
>>
>> The user-vpn-group attribute implements a feature called group-lock. Let's
>> say, you have two ezvpn groups - vpngroup1 and vpngroup2.
>> Now, for xauth-user you have defined the attribute
>> "user-vpn-group=vpngroup1".
>>
>> This config limits xauth-user to login to the vpngroup1 only. If
>> xauth-user tries to login to vpngroup2, group authorization fails.
>>
>> Regards,
>> Karthik
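
How the two pieces discussed in this thread fit together, as an added illustration that is not part of the original messages: the ACL body lives on the router, and the ACS profiles carry only attribute strings. The ACL name placeholder, the group names and `xauth-user` come from the thread; the 192.0.2.0/24 network is constructed, and the `cisco-av-pair` wrapper and the `ipsec:` prefix on `user-vpn-group` are assumptions about how the attributes are entered.

```text
! --- Router (IOS): the split-tunnel ACL is defined locally ---
! 192.0.2.0/24 is a constructed stand-in for the protected network
! that should be reached through the tunnel.
ip access-list extended SPLIT_TUNNEL_ACL_NAME
 permit ip 192.0.2.0 0.0.0.255 any

! --- ACS profile: reference the ACL by name only ---
!   cisco-av-pair = "ipsec:inacl=SPLIT_TUNNEL_ACL_NAME"
! If the name here does not match an ACL on the router, there is
! nothing for the router to apply, so check the spelling on both sides.

! --- ACS profile for xauth-user: group-lock ---
!   cisco-av-pair = "ipsec:user-vpn-group=vpngroup1"
! xauth-user connecting through vpngroup1 -> authorized
! xauth-user connecting through vpngroup2 -> group authorization fails
```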
