
Downloadable ACL - Binding acl to ACS?

c-hayward
Level 1

I am working with PIX 6.2(2) and ACS 3.1 attempting to configure downloadable acl's. My PIX configuration doesn't require any other authentication or authorization, therefore, I don't have an acl created on the PIX that binds with a AAA group using the match statement.

My question is, will the downloadable acl's work even if the PIX doesn't have a AAA match defined with an associated acl? (Without the acl, a match statement isn't valid). If not, how do I make this work without a match statement?

Thanks!

1 Reply

mhoda
Level 5

Hi,

The important thing is to intercept the packet for authentication/authorization on the PIX. There are a couple of ways you can accomplish that:

-With the help of ACL using the match command or

-With include command

Using match/ACL is the new way of doing it. So, to answer your question: no, you don't have to use match/ACL to authenticate and authorize the traffic and download the ACL from the ACS server, as all a downloadable ACL requires is that you define the authorization on the PIX.

Here is a good doc that has an example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#new_per_user

Thanks,

Mynul