04-30-2012 10:23 PM - edited 03-10-2019 07:03 PM
Hi Sir,
I have some doubts about the attribute in ACS: cisco-av-pair. I setup some ACLs in this attribute and hope this attribute can be sent from ACS to my PIX/ASA for future filtering usage if an user passes the first authentication attempt. I found that this attribute can not be installed in the PIX (when I checked the PIX using 'show access-list') even though the user passes the authentication. What is the reason?
05-12-2012 08:20 PM
ASA do support downloadable access-lists. Old versions of PIX software do it in a different way. Could you please tell us what ASA or PIX version are you using ?
05-13-2012 07:27 PM
Hello,
I am using ASA8.0 software. I also tried to use 'downloadable ACL' attribute, this attribute does the job as its name says. But cisco-av-pair cannot. Is there another possible reason?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide