downloadable acl with asa-acs

i ve a problem configuring downloadabel acl. i use ASA 5510 8.0(3) as security appliance the ACS 4.2 as radius server

in acs- shared profile, i created a "test" acl.

deny ip any host permit icmp any host

there is a "user unknown policy" which forward to a rsa token server

in the user and also group config, i assigned the downloadable acl.

on the asa :

access-list test extended deny ip any any log debugging access-list test extended deny icmp any any log debugging access-group test in interface outside per-user-override

i cheked in the asa command line configration guide and in the acs manual but it seems that i miss something.

maybe i have to configure some specific radius attriubtes ?

please help me

Reply to
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.