Downloadable ACL's in PIX ver 6.2

Kevin Melton
Level 2

I was reading how using DACLs can eliminate the need to have ACLs configured on the PIX. My PIX uses ACLs to make VPN tunnel end points for client networks. Can I use DACLs in conjunction with ACL Manager and a RADIUS server to keep the large ACL list off of my PIX config?

Also, does ACL Manager run on CiscoView or on PDM?

Thanks

2 Replies

mclach
Level 1

Hi Kevin,

ACL Manager is not a part of PDM; it is a part of RME for CiscoWorks.

There is no correlation between the two. You can't use ACL Manager to implement DACLs.

You are correct in your statement: DACLs do mean that ACLs are not stored locally on the PIX but are stored on the RADIUS server.

Previously you would have seen that you could define an ACL number to pass to the PIX, and the locally configured ACL would then be applied to the user.

DACLs are an alternative to this method and only became available in PIX 6.2 code.

You spoke of using ACLs to apply to users that are connecting to the PIX with VPN Clients. This is referred to as Xauth (extended authentication). You can use DACLs with VPN Client connections, but because of bug id CSCdx47975 you need to have PIX 6.2(2) code installed.

Here is a sample config that should give you a better idea of how DACLs work with the PIX.

http://www.cisco.com/warp/public/110/atp52.html#new_per_user

R/Catherine
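As an added illustration (not code from this thread, from Cisco, or from the linked sample config), the Python below sketches the mechanism described in the reply: the per-user ACL travels from the RADIUS server as cisco-av-pair attributes of the form `ip:inacl#<seq>=<ace>` and is reassembled on the firewall in sequence order, then evaluated first-match with an implicit deny. The AV-pair format is Cisco's; the sample entries, the restricted ACE grammar (`permit|deny ip SRC DST` only) and the function names are constructed assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Downloadable ACL entries arrive in Access-Accept as "ip:inacl#<seq>=<ace>".
AV_PAIR_RE = re.compile(r"^ip:inacl#(\d+)=(.+)$")

def assemble_dacl(av_pairs: List[str]) -> List[str]:
    """Reassemble ACEs in ascending sequence order; reject malformed or duplicate entries."""
    aces: Dict[int, str] = {}
    for pair in av_pairs:
        m = AV_PAIR_RE.match(pair.strip())
        if not m:
            raise ValueError(f"not a downloadable ACL entry: {pair!r}")
        seq = int(m.group(1))
        if seq in aces:  # a silently overwritten entry would change what is permitted
            raise ValueError(f"duplicate sequence number {seq}")
        aces[seq] = m.group(2).strip()
    return [aces[s] for s in sorted(aces)]

def _parse_addr(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' (PIX ACLs use subnet masks)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1]), tokens[2:]
    return ipaddress.IPv4Network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def evaluate(acl: List[str], src: str, dst: str) -> str:
    """First-match evaluation of 'permit|deny ip SRC DST' entries, implicit deny at the end."""
    for ace in acl:
        tokens = ace.split()
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"ACE form not covered by this illustration: {ace!r}")
        src_net, rest = _parse_addr(tokens[2:])
        dst_net, rest = _parse_addr(rest)
        if rest:
            raise ValueError(f"trailing tokens in ACE: {ace!r}")
        if ipaddress.IPv4Address(src) in src_net and ipaddress.IPv4Address(dst) in dst_net:
            return action
    return "deny"

# Constructed sample: attributes a RADIUS server might return for one Xauth user.
# Deliberately out of order, to show that sequence numbers, not arrival order, decide.
SAMPLE_AV_PAIRS = [
    "ip:inacl#2=permit ip any 10.1.1.0 255.255.255.0",
    "ip:inacl#1=deny ip any host 10.1.1.50",
    "ip:inacl#3=deny ip any any",
]
```

With the sample above, `evaluate(assemble_dacl(SAMPLE_AV_PAIRS), "192.168.5.7", "10.1.1.50")` returns `"deny"` because entry #1 is applied before entry #2, whereas applying the pairs in arrival order would have permitted the packet.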

Thanks for your helpful info.

I was misleading earlier in a statement. It is not VPN clients that our "business clients" are connecting with; rather, we establish VPN tunnels from our PIX to their VPN device to see each other's inside network addresses.

I was thinking that perhaps DACLs could be used to keep my lengthy PIX configuration less cluttered with access lists. A training video for PIX version 6.2 on the Partner E-learning connection was where I got the idea from. I was thinking that as traffic entered from an opposite-end tunnel address, perhaps the appropriate ACL could be downloaded to the PIX at that time based upon the tunnel end point address.
