Re: Downloadable IP ACL's in IOS 12.3(8)T

gprokschg · ‎07-06-2004

Does anyone have a sample config of downloadable IP ACL in IOS 12.3(8)T?

I know it can be done with Secure ACS 3.3, but have no idea on how to configure it on the router.

s.uslay · ‎07-06-2004

as far as I know it just an ordinary extended access list configured in the router.( I use 12.2(17) though). We point to this in TACACS+ "in access control list " field in group definition.

Is this different in 12.3(8)T ?

SU

gprokschg · ‎07-06-2004

Well I am under the impression that the ACS server actually sends the ACL to the router (or to the PIX or VPN Concentrator 3000), hence the router checks it's chache to see if it has an older version of the ACL etc.

I think you might be talking about a something slithgly different!?

s.uslay · ‎07-06-2004

I did not know that downloadable ACL option which is available for PIX and VPN (in ACS 3.2) extended to a router.I might need to check ACS 3.3. doco.

SU

gprokschg · ‎07-06-2004

Downloadable IP ACL's were introduced in IOS 12.3(8)T and ACS 3.3 now says that it support downloadable ACL's to PIX, VPN and IOS with rel 12.3.(8)T.

So I know it's supported, but since it's fairly new, can't find any sample IOS configs.