I'd like to have multiple ACLs downloaded to a FWSM from my ACS server (3.3) when an outside user logs in, triggered by HTTP or SSL. To clarify, I'd like to have unique default ACLs applied to my inside and DMZ interfaces when no one is logged in. When a specific user logs in, I'd like to replace the default inside and DMZ interface ACLs with new ones. These ACLs will also differ from each other.
If this is possible, is there any guarantee in which order the ACLs will be applied upon user login?
The goal is to create a lock-step process so that a dual-homed machine is never able to access both its DMZ and inside interfaces when an outside user is logged in. Hope this makes some sort of sense.