ACS and download ACL to several AAA-clients

uralsib
Level 1

Hi!

I need to know if there is a possibility to download an ACL to a DACL-enabled device that is not a part of the RADIUS conversation. In other words, I have one user who needs access to some resources and is attempting to log in to the network through PIX1. I need to authenticate him through ACS and to download the ACL to PIX1 and (attention) PIX2 too (some upstream firewall). Is there any way to do it?

Accepted Solutions

I don't think you can do this. As you have mentioned, the other PIX does not have a RADIUS configuration. And you can only push a DACL from the RADIUS server to the PIX that is requesting it, not to any other PIX.

And I am not aware of any mechanism or feature that can transfer the downloaded ACLs from one PIX to another.

Regards,

Prem

3 Replies

uralsib
Level 1

Does anybody have any ideas how I can solve the problem?

Regards, Amir

Prem, thank you for your reply. OK, I'll try to re-build my scheme.
