02-21-2007 11:17 PM - edited 03-10-2019 03:00 PM
Dears
We have an ASA in our network configured as a VPN gateway, and an ACS server is configured for user authentication and authorization.
Now when a VPN user tries to connect to the network, he will be authenticated through RADIUS on ACS, then the downloadable access list will be pushed to the ASA to control the user's traffic.
Up to here everything is working fine without any issue, but after accessing the network, we have an FWSM internally to protect some segments, so the user will stop here. The current solution for this is to assign a static IP to each VPN user and configure an access list on the FWSM, which is a more manual and time-consuming process.
Is there any way to configure the downloadable ACL to be pushed to the ASA and FWSM at one time? Or please advise on an alternative solution for this scenario.
Many thanks for your support.
02-22-2007 01:17 AM
Hi,
We cannot push the ACLs to the ASA and the FWSM together.
One solution which comes to mind is to add cut-through authentication/virtual http/telnet on the FWSM.
The downside is, of course, repeated authentication at different levels.
Regards,
Vivek
02-22-2007 03:05 AM
Thanks vsantuka for your reply.
I have tried this solution before, but it's not an effective solution, as we have multiple security contexts on the FWSM, which requires virtual telnet / http on each one. This results in more complexity and repeating of the authentication / authorization process.