We are a relatively large company, and we are in the process of deploying a Cisco VPN solution based on ASA and ACS 5.1.
Our biggest problem at the moment is the management of downloadable ACLs. Technically it was no big deal to get that to work, but our company requirements in terms of limited network access will cause us to have more than 100 different downloadable ACLs that are of course overlapping.
My idea now was to organize them in snippets (e.g., you have a snippet to access the corporate email system, a snippet for ERP, etc.) and to create the ACLs from those snippets that will be stored in a database.
Has anybody done that yet, or is there any product that can do that?
All input will be highly appreciated...
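A sketch of the snippet approach described in the post, added here as an example and not the poster's or any product's code: ACE lines are stored per snippet in a database, each role lists the snippets it needs, and the ACL is rendered by concatenating them in order and dropping overlapping entries. The table layout, snippet and role names, addresses, and the bare `permit ...` ACE format are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: snippet names, roles and addresses are placeholders.
SNIPPETS = {
    "dns":      ["permit udp any host 192.0.2.53 eq 53"],
    "email":    ["permit tcp any host 192.0.2.10 eq 25",
                 "permit tcp any host 192.0.2.10 eq 443"],
    "erp":      ["permit tcp any host 192.0.2.20 eq 443"],
    "intranet": ["permit tcp any host 192.0.2.10 eq 443",  # overlaps with "email"
                 "permit tcp any host 192.0.2.30 eq 443"],
}
ROLES = {"sales": ["dns", "email", "intranet"],
         "finance": ["dns", "email", "erp"],
         "contractor": ["dns", "email", "intranet"]}

def load(conn):
    """Create the (hypothetical) schema and insert the sample snippets and roles."""
    conn.executescript("""
        CREATE TABLE snippet_ace(snippet TEXT, seq INTEGER, ace TEXT);
        CREATE TABLE role_snippet(role TEXT, pos INTEGER, snippet TEXT);
    """)
    for name, aces in SNIPPETS.items():
        conn.executemany("INSERT INTO snippet_ace VALUES (?,?,?)",
                         [(name, i, a) for i, a in enumerate(aces)])
    for role, names in ROLES.items():
        conn.executemany("INSERT INTO role_snippet VALUES (?,?,?)",
                         [(role, i, n) for i, n in enumerate(names)])

def build_acl(conn, role):
    """Return the role's ACEs in snippet order, dropping exact duplicates."""
    rows = conn.execute("""
        SELECT a.ace FROM role_snippet r JOIN snippet_ace a ON a.snippet = r.snippet
        WHERE r.role = ? ORDER BY r.pos, a.seq""", (role,))
    seen, acl = set(), []
    for (ace,) in rows:
        key = " ".join(ace.split()).lower()  # normalise whitespace and case
        if key not in seen:
            seen.add(key)
            acl.append(ace)
    return acl

def distinct_acls(conn):
    """Group roles whose rendered ACLs are identical, so one ACL can serve them all."""
    groups = {}
    for (role,) in conn.execute("SELECT DISTINCT role FROM role_snippet ORDER BY role"):
        groups.setdefault(tuple(build_acl(conn, role)), []).append(role)
    return groups

def demo():
    conn = sqlite3.connect(":memory:")
    load(conn)
    return conn
```

Grouping roles by rendered ACL shows how many distinct downloadable ACLs actually have to be defined; the duplicate check only catches identical lines, so shadowing between a broader and a narrower entry still needs a separate review.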