ACS Express 5.0 questions: downloadable ACL, RADIUS as an external database
Could please someone answer two questions regarding ACS Express 5.0:
- does it support downloadable ACLs (for IOS auth proxy / ASA AAA Network Access)? As I can see from the documentation, at least not in the form ACS supports it, but can it be configured using AV pairs on per-user basis?
- can it use another RADIUS as external authentication database? Essentially what I need is to authenticate the user using "parent" ACS, but apply restrictions configured in local ACS Express.
The only drawback I can see in using AV pairs instead of full Downloadable ACL support provided by ACS via Shared Objects, is that the access-list can be assigned on per-user basis, but only once, so it will be always same access-list for all clients.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...