Cisco AAA/Identity/Nac :: ACS 5.2 - Add DACL To 2 Devices?
I have an ASA 5510 on the outside with a Remote Access VPN. The user will need to get from the 5510, then go through an ASA 5540, then out to the subnet where they will be doing their work. I have a Cisco ACS version 5.2 that sits on a separate VLAN off of the 5540. I can authenticate users with RADIUS on the 5510 VPN and use DACLs from the ACS with no problems. However, the DACL only gets downloaded to the 5510 (as expected) and I need it to also download to the 5540. Is there a way to do this? I understand this could mean multiple authentications needed somehow. Right now when I authenticate, the DACL shows up fine in the 5510, but I get blocked from the devices I need to get to because it, of course, is not getting added to the 5540 as well.
Here's the basic topology I have: