I was reading how using DACLs can eliminate the need to have ACLs configured on the PIX. My PIX uses ACLs to make VPN tunnel end points for client networks. Can I use DACLs in conjunction with ACL Manager and a RADIUS server to keep the large ACL list off of my PIX config?
Also, does ACL Manager run on CiscoView or on PDM?
ACL Manager is not a part of PDM; it is a part of RME for CiscoWorks.
There is no correlation between the two. You can't use ACL Manager to implement DACLs.
You are correct in your statement: DACLs do mean that ACLs are not stored locally on the PIX but are stored on the RADIUS server.
Previously you would have seen that you could define an ACL number to pass to the PIX, and the locally configured ACL would then be applied to the user.
DACLs are an alternative to this method and only became available in PIX 6.2 code.
You spoke of using ACLs to apply to users that are connecting to the PIX with VPN Clients. This is referred to as Xauth (extended authentication). You can use DACLs with VPN Client connections, but because of bug ID CSCdx47975 you need to have PIX 6.2(2) code installed.
Here is a sample config that should give you a better idea of how DACLs work with the PIX.
I was misleading earlier in a statement. It is not VPN clients that our "business clients" are connecting with; rather, we establish VPN tunnels from our PIX to their VPN device to see each other's inside network address...
I was thinking that perhaps DACLs could be used to keep my lengthy PIX configuration less cluttered with access lists. A training video for PIX version 6.2 on the Partner E-learning connection was where I got the idea from. I was thinking that as traffic entered from an opposite-end tunnel address, perhaps the appropriate ACL could be downloaded to the PIX at that time based upon the tunnel end point address...