Hi all,

i'm trying to configure ACS Radius and a Pix to work as Proxy Cut-Through.

i wanna set up some acl to have a certain type of traffic for some users and another one for some others.

I tried by downloadable acl but it doesn't work (could it be caused from a bug on IOS?), now i'm tring to set up cisco-av-pair and i have another problem...

if i write

ip:inacl#1=permit tcp any any

ip:inacl#2=permit udp any any

ip:inacl#3=permit ip any any

ip:inacl#4=permit icmp any any

ip:inacl#5=deny tcp any any

it works fine... but if i configure with this one

ip:inacl#1=permit tcp any any eq 20

ip:inacl#2=permit udp any any eq 20

ip:inacl#3=permit ip any any eq 20

ip:inacl#5=permit tcp any any eq 21

ip:inacl#6=permit udp any any eq 21

ip:inacl#7=permit ip any any eq 21

ip:inacl#8=permit tcp any any eq 80

ip:inacl#9=permit ip any any eq 80

ip:inacl#101=deny tcp any any

ip:inacl#102=deny ip any any

ip:inacl#103=deny udp any any

the pix denies everything.

which is the mistake?

thanks in advaces.