
group policies with pix 515e

How are group policies usually put in place with PIX? For example, let's say I'm a software company. I've got 14 developers who need access to things in the DMZ that no one else would (such as SQL, and who knows what else). Also, Finance uses a special program which runs on port 5325 (totally random). How do I give them access to it but no one else? Admins should also be in a special group that has access to services such as SSH.

My question is how do I define members? Do I have to give everyone a static IP address and do it based on IP? What happens when a developer logs onto a box of someone in finance? He/she should have developer access then, not finance access. How do I control that?


Re: group policies with pix 515e

Read up on the AAA features of the PIX. You can force users to need to log in to be able to make outbound connections. You probably also want to read up on Cisco Secure Access Control Server, a software product that works with Cisco hardware to provide grouping, dynamic access lists, authentication, authorization and accounting (AAA), etc.
