Cisco Support Community
New Member

Downloadable ACL - Binding acl to ACS?

I am working with PIX 6.2(2) and ACS 3.1, attempting to configure downloadable ACLs. My PIX configuration doesn't require any other authentication or authorization; therefore, I don't have an ACL created on the PIX that binds with an AAA group using the match statement.

My question is, will the downloadable ACLs work even if the PIX doesn't have an AAA match defined with an associated ACL? (Without the ACL, a match statement isn't valid.) If not, how do I make this work without a match statement?

Thanks!

1 REPLY
Silver

Re: Downloadable ACL - Binding acl to ACS?

Hi,

The important thing is to intercept the packet for authentication/authorization on the PIX. There are a couple of ways you can accomplish that:

- With the help of an ACL, using the match command, or

- With the include command

Match/ACL is the new way of doing it. So, to answer your question: no, you don't have to use match/ACL to authenticate and authorize the traffic and download the ACL from the ACS server, as all a downloadable ACL requires is that you define the authorization on the PIX.

Here is a good doc that has an example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#new_per_user

Thanks,

Mynul
