Dynamic ACLs on PIX for VPN clients

daide
Level 1

Has anybody implemented the following solution?

- PIX 6.2 or 6.3

- CS ACS 3.x

- VPN Clients 3.x or 4.x

VPN clients are authenticated using RADIUS when establishing the VPN session to the PIX. I want a predefined ACL to be dynamically assigned to the PIX by the ACS for that VPN session.

The CCO documentation on dynamic ACLs refers to authentication via an HTTP front-end. I want to avoid this as the VPN users are already authenticated during the set-up of the VPN session.

Any help or advice is much appreciated.

Regards,

Daithi

1 Reply

gfullage
Cisco Employee

You can do this on ACS either using a RADIUS AV pair or the Downloadable ACL section. The following link describes each of these in detail:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/config/radacl.htm

The setup on the PIX is just using RADIUS for XAuth, and when the PIX receives the ACL from ACS it will apply it to that user. PIX config is as shown here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
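
An added example, not part of this thread or of Cisco's documentation: a small pre-deployment check for the RADIUS AV pair method mentioned in the reply, run over the per-user ACL entries before they are entered in ACS. It assumes the `ip:inacl#<n>=<ace>` cisco-av-pair form with entries applied in order of `<n>`; the function name `lint_avpairs` and the sample addresses are constructed for illustration.

```python
import re

# Assumed AV-pair form: ip:inacl#<seq>=<permit|deny> <protocol> <rest of ACE>
AVPAIR = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(\S+)\s+(.+)$")


def lint_avpairs(avpairs):
    """Return (aces_in_applied_order, findings) for a list of AV-pair strings."""
    entries, findings, seen = [], [], set()
    for raw in avpairs:
        m = AVPAIR.match(raw.strip())
        if not m:
            findings.append(("malformed", raw))
            continue
        seq, action, proto = int(m.group(1)), m.group(2), m.group(3)
        rest = " ".join(m.group(4).split())
        if seq in seen:
            # Two entries with the same sequence number: order is ambiguous
            findings.append(("duplicate-seq", raw))
            continue
        seen.add(seq)
        # A permit matching every source and destination restricts nothing
        if action == "permit" and proto == "ip" and rest == "any any":
            findings.append(("permit-any-any", raw))
        entries.append((seq, f"{action} {proto} {rest}"))
    entries.sort()
    aces = [ace for _, ace in entries]
    # Entries that follow a catch-all "ip any any" line can never match
    for i, ace in enumerate(aces):
        if ace.split()[1:] == ["ip", "any", "any"] and i < len(aces) - 1:
            findings.extend(("shadowed", later) for later in aces[i + 1:])
            break
    return aces, findings


# Constructed sample input (not taken from a real ACS profile)
SAMPLE = [
    "ip:inacl#20=permit tcp any host 10.1.1.20 eq 443",
    "ip:inacl#10=permit tcp any host 10.1.1.10 eq 25",
    "ip:inacl#20=permit ip any any",
    "ip:inacl#30=deny ip any any",
    "ip:inacl#40=permit udp any host 10.1.1.53 eq 53",
    "inacl#50=permit ip any any",
]

if __name__ == "__main__":
    aces, findings = lint_avpairs(SAMPLE)
    print("\n".join(aces))
    for kind, line in findings:
        print(f"[{kind}] {line}")
```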