Urgent: how to avoid automatically generate dynamic ACLs?

eric.huihk (Level 1)

PIX501 v6.3(3) is configured as an Easy VPN client, and authentication is done on an ACS server.

A downloadable ACL is applied to this VPN hardware client after the VPN connection is established (shown in blue in the sh access-list output).

However, there are 2 dynamic ACLs applied to the same connection which override the downloadable ACL as defined in the ACS server for this VPN group.

Question: How to get rid of the 2 dynamic ACLs as shown below?

access-list dynacl128; 1 elements
access-list dynacl128 line 1 permit ip any host 218.189.206.74 (hitcnt=0)
access-list dynacl129; 1 elements
access-list dynacl129 line 1 permit ip any FBP_Staging 255.255.255.0 (hitcnt=1)
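The security-relevant point in the question is that the dynamically generated ACLs are `permit ip any <destination>` entries, i.e. broader than whatever the ACS-defined downloadable ACL allows, so the effective policy for the tunnel is wider than intended. The script below is an added example, not code from the original post or from Cisco: it parses `sh access-list` output in the format quoted above, tags ACLs whose names match the `dynacl<number>` pattern as dynamic, checks the declared element counts, and flags dynamic entries that permit all IP traffic from any source. The sample output is constructed; the two `dynacl` lines are the ones from the post, while the `vpn_dacl` ACL, its contents and its name are assumed stand-ins for the downloadable ACL.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of PIX 6.3 `sh access-list` output. The two dynacl
# entries are quoted from the post; "vpn_dacl" is an assumed stand-in for
# the ACS downloadable ACL (name and entries are made up for this example).
SAMPLE_OUTPUT = """\
access-list vpn_dacl; 2 elements
access-list vpn_dacl line 1 permit tcp any host 218.189.206.74 eq 443 (hitcnt=3)
access-list vpn_dacl line 2 deny ip any any (hitcnt=0)
access-list dynacl128; 1 elements
access-list dynacl128 line 1 permit ip any host 218.189.206.74 (hitcnt=0)
access-list dynacl129; 1 elements
access-list dynacl129 line 1 permit ip any FBP_Staging 255.255.255.0 (hitcnt=1)
"""

HEADER_RE = re.compile(r"^access-list (\S+); (\d+) elements$")
ENTRY_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<action>permit|deny) "
    r"(?P<proto>\S+) (?P<rest>.+?) \(hitcnt=(?P<hits>\d+)\)$"
)
# Assumption: PIX-generated dynamic ACLs are named dynacl<number>, as in the post.
DYNAMIC_NAME_RE = re.compile(r"^dynacl\d+$")


@dataclass
class Entry:
    acl: str
    line: int
    action: str
    proto: str
    rest: str   # everything between the protocol and the hitcnt, e.g. "any host 1.2.3.4"
    hits: int


@dataclass
class Acl:
    name: str
    declared_elements: int
    entries: list = field(default_factory=list)

    @property
    def dynamic(self) -> bool:
        return bool(DYNAMIC_NAME_RE.match(self.name))


def parse_show_access_list(text: str) -> dict:
    """Parse `sh access-list` output into {acl_name: Acl}, preserving order."""
    acls = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            acls[m.group(1)] = Acl(m.group(1), int(m.group(2)))
            continue
        m = ENTRY_RE.match(line)
        if m:
            acl = acls.setdefault(m.group("acl"), Acl(m.group("acl"), 0))
            acl.entries.append(Entry(
                m.group("acl"), int(m.group("line")), m.group("action"),
                m.group("proto"), m.group("rest"), int(m.group("hits")),
            ))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return acls


def count_mismatches(acls: dict) -> list:
    """ACL names whose declared element count differs from the entries parsed."""
    return [a.name for a in acls.values() if a.declared_elements != len(a.entries)]


def broad_dynamic_permits(acls: dict) -> list:
    """(acl, line, rest) for dynamic-ACL entries permitting all IP from any source.

    These are the entries that widen the policy beyond the downloadable ACL.
    """
    findings = []
    for acl in acls.values():
        if not acl.dynamic:
            continue
        for e in acl.entries:
            if e.action == "permit" and e.proto == "ip" and e.rest.startswith("any "):
                findings.append((acl.name, e.line, e.rest))
    return findings


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_OUTPUT)
    print("dynamic ACLs:", [a.name for a in parsed.values() if a.dynamic])
    print("count mismatches:", count_mismatches(parsed))
    for name, line, rest in broad_dynamic_permits(parsed):
        print(f"broad permit in {name} line {line}: permit ip {rest}")
```

Run it against a saved copy of the real `sh access-list` output instead of `SAMPLE_OUTPUT` to get the same report for a live box; any line the parser does not recognise raises rather than being silently skipped, so unfamiliar output formats are surfaced instead of hidden.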

2 Replies

tstanik (Level 5)

I think it is not possible to avoid automatically generated dynamic ACLs; you may have to use some other interface for this, or configure the PIX with a proper VPN configuration for the client.

Thanks for your reply.

You suggest using another interface; can these other interfaces avoid generating dynamic ACLs? Which interfaces should be used? Please advise.
