07-19-2007 02:17 AM - edited 03-09-2019 06:25 PM
Hi Lads,
Don't know if anyone has tried the below, but here goes.
We have various remote access support staff who come in via VPN clients into our 6.3(3) firewall. They are given an IP address from the 192.168.255.0 network range. There are remote access policies in Microsoft IAS that then push an access-list to the users, allowing them access only to a particular IP address. So once the condition of them being in a group in IAS is met, the policy then pushes out an access-list in the format
of ip:access-list 120 permit tcp any host 1.1.1.1 eq 23.
This is detailed in this document
http://support.microsoft.com/kb/283829.
Here is my question, if anyone can answer.
1) Does the access list have to exist on the firewall beforehand
and
2) Is the syntax above correct?
Thanks in advance, as I am really stumped on this.
07-20-2007 06:35 AM
Hi
For the example you have given, the access-list format will be:
ip:inacl#120=permit tcp any 1.1.1.1 255.255.255.255 eq 23
The following link can give you an idea of the same (it describes the implementation on a CSACS RADIUS server):
Hope this helps.
Regards
Rohit
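An added example, not part of the original posts: a small Python check that can be run over the attribute values entered in a RADIUS policy, parsing the `ip:inacl#<n>=...` form shown in the reply above and flagging overly broad permits. The grammar is an assumption built only from that one example (numeric ports, `any` / `host` / address-plus-netmask), and `parse_avpair` and `lint` are hypothetical helper names.

```python
import ipaddress
import re

# Assumed grammar, modelled only on the example in the reply above:
#   ip:inacl#<number>=<permit|deny> <proto> <source> <dest> [eq <port>]
AVPAIR = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(\S+)\s+(.*)$")


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D <netmask>' from tokens."""
    if tokens and tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.IPv4Network("0.0.0.0/0")
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    first, second = tokens.pop(0), tokens.pop(0)
    if first == "host":
        return ipaddress.IPv4Network(second + "/32")
    return ipaddress.IPv4Network(f"{first}/{second}")  # address + netmask


def parse_avpair(value):
    """Parse one attribute value into its fields, or raise ValueError."""
    m = AVPAIR.match(value.strip())
    if not m:
        raise ValueError("not in ip:inacl#<n>=<ace> form")
    seq, action, proto, rest = m.groups()
    tokens = rest.split()
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = None
    if tokens:
        if len(tokens) != 2 or tokens[0] != "eq" or not tokens[1].isdigit():
            raise ValueError(f"unexpected trailing tokens: {tokens}")
        port = int(tokens[1])
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}


def lint(value):
    """Return a list of findings; an empty list means the value passed."""
    try:
        ace = parse_avpair(value)
    except ValueError as exc:
        return [f"rejected: {exc}"]
    findings = []
    if ace["action"] == "permit" and ace["dst"].prefixlen == 0:
        findings.append("permit to any destination")
    if ace["action"] == "permit" and ace["port"] is None:
        findings.append("permit with no port restriction")
    return findings
```

`lint` returns an empty list for the string in the reply and a `rejected:` finding for the `ip:access-list 120 ...` form from the question, since that form does not match the format the reply gives.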
07-27-2007 07:33 PM
Rate helpful posts so that others can benefit from it.