11-09-2011 05:51 AM - edited 03-10-2019 06:32 PM
Hello
I want to have ACLs which decide which traffic to allow after auth-proxy authorisation.
1. What options do i have for ASA+ACS ?
2. Can i use auth-proxy on ASA with ACS and radius and downloadable ACL ?
3. Can i use auth-proxy on ASA with ACS and radius 009/001 cisco-av-pair (will ASA understeand it ?)
4. Can i use auth-proxy on ASA with ACS and tacacs auth-proxy attributes (with ACL) ?
Thanx
Solved! Go to Solution.
11-11-2011 08:40 PM
Hi,
Take a look over this guide to see if this helps answer your question. You can use both downloadable ACL or the cisco av-pairs, I have seen that the cisco-av-pair method works a little better because it has the username who logged in as a part of the acl which eases troubleshooting.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html#wp1150820
thanks,
Tarik Admani
11-11-2011 08:40 PM
Hi,
Take a look over this guide to see if this helps answer your question. You can use both downloadable ACL or the cisco av-pairs, I have seen that the cisco-av-pair method works a little better because it has the username who logged in as a part of the acl which eases troubleshooting.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html#wp1150820
thanks,
Tarik Admani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide