10-31-2007 05:41 AM - edited 03-10-2019 03:29 PM
Hi!
I need to know if there is a possibility to download an ACL to a DACL-enabled device that is not a part of the RADIUS conversation. In other words, I have one user who needs access to some resources and is attempting to log in to the network through PIX1. I need to authenticate him through ACS and to download the ACL to PIX1 and (attention) to PIX2 too (some upstream firewall). Is there any way to do it?
11-02-2007 03:07 AM
Does anybody have any ideas how I can solve the problem?
Regards, Amir
11-02-2007 12:47 PM
I don't think you can do this. As you have mentioned, the other PIX does not have a RADIUS configuration, and you can only push a DACL from the RADIUS server to the PIX that is requesting it, not to any other PIX.
And I am not aware of any mechanism or feature that can transfer the downloaded ACLs from one PIX to another.
Regards,
Prem
11-05-2007 11:47 PM
Prem, thank you for your reply. OK, I'll try to re-build my scheme.