New Member

Downloadable ACL's on Multiple Firewalls

Dear all,

We have an ASA in our network and it is configured as a VPN gateway; an ACS server is configured for user authentication and authorization.

Now, when a VPN user tries to connect to the network, he will be authenticated through RADIUS on the ACS, then the downloadable access-list will be pushed to the ASA to control the user's traffic.

Up to here everything is working fine without any issue, but after accessing the network, we have an FWSM internally to protect some segments, so the user will be stopped there. The current solution for this is to assign a static IP to each VPN user and configure an access list on the FWSM, which is a more manual and time-consuming process.

Is there any way to configure the downloadable ACL to be pushed to the ASA and the FWSM at the same time? Or please advise on an alternative solution for this scenario.

Many thanks for your support.

3 REPLIES
Silver

Re: Downloadable ACL's on Multiple Firewalls

Yes, you can use downloadable access-lists. For more information, kindly refer to the URL:

http://cisco.com/en/US/products/ps6121/products_configuration_guide_chapter09186a00806a81a0.html

New Member

Re: Downloadable ACL's on Multiple Firewalls

Hi

Thanks for your reply

I went through the NAC document, but I could not find the solution to my requirements.

Would you please explain more about how I can employ NAC?

Thanks

Silver

Re: Downloadable ACL's on Multiple Firewalls

With ACS v4.0 there's no reason why you can't define a NAP for both the ASA and the FWSM. I assume the FWSM is capable of authenticating via RADIUS too?

You can (if you need to) have quite separate authentication & authorisation policies in each NAP (including DACLs), or identical ones - up to you.

Not sure you need full-blown NAC from your original post. NAPs are just something that NAC uses to handle multiple network services for a single user.

Darran
