I use the Windows 2000 IAS RADIUS attribute cisco-av-pair to set up an ACL on the PIX to control port-level security for VPN users. Has anyone tried it this way? My problem is that the VPN user is OK, but inside users browsing the Internet are denied by RADIUS. The setup lines on the PIX look like:
access-list 101 deny tcp 172.4.1.0 255.255.255.0 host 10.20.0.102 eq ftp
access-list 101 deny tcp 172.4.1.0 255.255.255.0 host 10.20.0.102 eq 137 (hitcnt=0)
.....
access-list 101 permit ip any any
172.4.1.0 is the local pool address.
Any ideas? Thanks
ben