
MS IAS Access-lists

kcornally
Level 1

Hi Lads,

Don't know if anyone has tried the below, but here goes.

We have various remote access support staff who come in via VPN clients into our 6.3(3) firewall. They are given an IP address from the 192.168.255.0 network range. There are remote access policies in Microsoft IAS that then push an access-list to the users, allowing them access only to a particular IP address. So once the condition of them being in a group in IAS is met, the policy then pushes out an access-list in the format

of ip:access-list 120 permit tcp any host 1.1.1.1 eq 23.

This is detailed in this document

http://support.microsoft.com/kb/283829.

Here is my question, if anyone can answer.

1) Does the access list have to exist on the firewall beforehand?

and

2) Is the syntax above correct?

Thanks in advance, as I am really stumped on this.

2 Replies

rochopra
Cisco Employee

Hi

For the example you have given, access-list format will be:

ip:inacl#120=permit tcp any 1.1.1.1 255.255.255.255 eq 23

The following link can give you an idea of the same (it describes the implementation on a CSACS RADIUS server):

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd703.html#wp391153

Hope this helps.

Regards

Rohit
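
The rewrite from the question's string to the form given in the reply above, as an added example that is not part of the original thread: a small Python check that can be run over attribute values before they are entered in the RADIUS policy. The function names are hypothetical, and the only rules applied are the two visible in the reply (the `ip:inacl#<number>=` prefix and a host written as address plus 255.255.255.255).

```python
import ipaddress
import re

# Attribute form used in the question vs. the form given in the reply.
QUESTION_FORM = re.compile(r"^ip:access-list\s+(\d+)\s+(.+)$")
REPLY_FORM = re.compile(r"^ip:inacl#(\d+)=(.+)$")
HOST_MASK = "255.255.255.255"


def expand_hosts(ace: str) -> str:
    """Rewrite 'host A.B.C.D' as 'A.B.C.D 255.255.255.255', as the reply does."""
    out = []
    tokens = ace.split()
    i = 0
    while i < len(tokens):
        if tokens[i] == "host":
            if i + 1 >= len(tokens):
                raise ValueError("'host' keyword without an address")
            # IPv4Address raises a ValueError subclass on a malformed address.
            addr = ipaddress.IPv4Address(tokens[i + 1])
            out += [str(addr), HOST_MASK]
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return " ".join(out)


def normalize_av_pair(value: str) -> str:
    """Return the AV-pair in the ip:inacl#<number>=<entry> form from the reply."""
    value = value.strip()
    m = REPLY_FORM.match(value) or QUESTION_FORM.match(value)
    if not m:
        raise ValueError(f"not a recognised per-user ACL AV-pair: {value!r}")
    number, ace = m.groups()
    if ace.split()[0] not in ("permit", "deny"):
        raise ValueError("ACL entry must start with permit or deny")
    return f"ip:inacl#{number}={expand_hosts(ace)}"


if __name__ == "__main__":
    # Constructed inputs: the two strings quoted in the thread.
    for sample in (
        "ip:access-list 120 permit tcp any host 1.1.1.1 eq 23",
        "ip:inacl#120=permit tcp any 1.1.1.1 255.255.255.255 eq 23",
    ):
        print(normalize_av_pair(sample))
```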

rochopra
Cisco Employee

Rate helpful posts so that others can benefit from it.