04-30-2012 10:23 PM - edited 03-10-2019 07:03 PM
Hi Sir,
I have some doubts about the attribute in ACS: cisco-av-pair. I setup some ACLs in this attribute and hope this attribute can be sent from ACS to my PIX/ASA for future filtering usage if an user passes the first authentication attempt. I found that this attribute can not be installed in the PIX (when I checked the PIX using 'show access-list') even though the user passes the authentication. What is the reason?
05-12-2012 08:20 PM
ASA do support downloadable access-lists. Old versions of PIX software do it in a different way. Could you please tell us what ASA or PIX version are you using ?
05-13-2012 07:27 PM
Hello,
I am using ASA8.0 software. I also tried to use 'downloadable ACL' attribute, this attribute does the job as its name says. But cisco-av-pair cannot. Is there another possible reason?
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: