ACS and download ACL to several AAA-clients

Answered Question
Oct 31st, 2007

Hi!

I need to know if there is a possibility to download an ACL to a DACL-enabled device that is not a part of the RADIUS conversation. In other words, I have one user that needs access to some resources and is attempting to log in to the network through PIX1. I need to authenticate him through ACS and to download the ACL to PIX1 and (attention) to PIX2 too (some upstream firewall). Is there any way to do it?

uralsib Fri, 11/02/2007 - 03:07

Does anybody have any ideas how I can solve the problem?


Regards, Amir

Correct Answer
Premdeep Banga Fri, 11/02/2007 - 12:47

I don't think you can do this. As you have mentioned, the other PIX does not have RADIUS configuration, and you can only push a DACL from the RADIUS server to the PIX that is requesting it, not to any other PIX.

And I am not aware of any mechanism or feature that can transfer the downloaded ACLs from one PIX to another.


Regards,

Prem

uralsib Mon, 11/05/2007 - 23:47

Prem, thank you for your reply. OK, I'll try to re-build my scheme.
