Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
1
Replies

Downloadable ACL Question

kendo.igor
Level 1
Level 1

‎11-13-2002 01:00 PM - edited ‎02-20-2020 09:19 PM

I have a few questions regarding Downloadable ACL. We are using PIX 515E in conjuction with Cisco ACS 3.0.2

1. Can we implements downloadable acl with TACACS+

2. Usually access lists are bound to an interface. Which interface does the downloadable acl bind to? Since there is no access-group command for it.

3. If a downloadable acl is associated with a user, does the other regular ACLs on the PIX apply to the authenticated user, or the downloadable ACLs will become the sole ACL being applied to that user?

Thanks.

Labels:
0 Helpful
1 Reply 1

bosoro
Cisco Employee
Cisco Employee

‎11-13-2002 01:15 PM

To answer your questions:

1. According to 6.2 docs, No... RADIUS only

2. It is bound in the direction of which the user was authenticated/authorized.

i.e. An inside user going outside that gets authenticated going outside, will have his ACL applied to the inside interface, essentially.

3. The per-user ACL overwrites the existing ACL's that are on the PIX for the duration of the users session

Hope that helps

-Bryan

0 Helpful
Customers Also Viewed These Support Documents