Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS and download ACL to several AAA-clients

HI!

I need to know if there is a possibility to download ACL to the DACL-enabled device that is not a part of the RADIUS conversation? In other words I have one user that needs an access to some resources and is attempting to log to the network through PIX1. I need to authenicate him through ACS and to download ACL to PIX1 and (attention) PIX2 too (some up-stream firewall). Is there any way to do it?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS and download ACL to several AAA-clients

I don't think you can do this. As you have mentioned that the other PIX does not have Radius configuration. And you can only push DACL from Radius server on the PIX that is requesting it, not to any other PIX.

And I am not aware of any mechanism or feature, that can transfer the downloaded ACLs, from one PIX to another.

Regards,

Prem

3 REPLIES
New Member

Re: ACS and download ACL to several AAA-clients

Does anybody have any ideas how can I solve the problem?

Regards, Amir

Re: ACS and download ACL to several AAA-clients

I don't think you can do this. As you have mentioned that the other PIX does not have Radius configuration. And you can only push DACL from Radius server on the PIX that is requesting it, not to any other PIX.

And I am not aware of any mechanism or feature, that can transfer the downloaded ACLs, from one PIX to another.

Regards,

Prem

New Member

Re: ACS and download ACL to several AAA-clients

Prem, thank you for your reply. OK, I'll try to re-build my scheme.

149
Views
0
Helpful
3
Replies