06-19-2003 12:31 AM - edited 02-20-2020 09:21 PM
Hi,
With 6.2 we can download ACLs per service (Telnet/HTTP/FTP)
to authorize users to work on, but what about other services like HTTPS or
SSH and special TCP port applications, are they supported also?
Or is it restricted to Telnet/HTTP/FTP?
Thanks in advance for any hints on that.
JYP
06-19-2003 08:43 PM
Hi JYP,
If you mean downloadable ACLs in PIX 6.2 as per this link, there is no restriction on which ports you can block and allow.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/mngacl.htm#1030990
Thanks
Sujit
06-20-2003 01:10 AM
Hi Sujit,
Thanks for your response. The customer claimed that it doesn't work with
the HTTPS protocol?
JYP
06-20-2003 04:54 AM
It is true that if you use the manual CLI to define authorizations you cannot do HTTPS. You can only do HTTP, FTP, and Telnet. However, the per-user ACL download places the ACL on the interface you are authorizing on. This creates a temporary ACL on the input of that interface for that user/IP address, which allows you to define anything you would normally define in an interface ACL.
-S
06-20-2003 05:35 AM
Thanks for your response. Do you have any configuration examples available for this per-user ACL?
JYP