We have an external captive portal, and our portal is hosted on AWS using load balancers. We also use Amazon S3 for static file hosting and other services from AWS that use load balancers, so the IP addresses of these services are not static and can change at any time.
We are having problems with IP address ACLs on Cisco 8.2 and older versions that do not accept URL ACLs. Is there any way to manage this kind of issue?
Yes, it is for pre-auth ACLs.
AWS has a list of all their IP ranges, as you can see here: https://ip-ranges.amazonaws.com/ip-ranges.json
However, Cisco allows only a limited number of ranges, so we can't add all the entries.
The problem with allowing wider ranges is that we could be "opening" access to other unwanted resources.
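
One way to work within the entry limit discussed in this thread, as an added example (not code from the original posts): filter data in the ip-ranges.json layout by region and service, collapse adjacent prefixes, and if the list still exceeds the limit, merge the cheapest neighbours and report how many extra addresses the ACL would then permit. The sample data is constructed from documentation prefixes, and the function names and the `max_entries` value are assumptions.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation prefixes, not real AWS data).
SAMPLE = json.loads("""{"prefixes": [
 {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "S3"},
 {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
 {"ip_prefix": "203.0.113.0/26",    "region": "us-east-1", "service": "EC2"},
 {"ip_prefix": "203.0.113.192/26",  "region": "us-east-1", "service": "EC2"},
 {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "S3"}]}""")

def select(doc, region, services):
    """IPv4 prefixes for one region and a set of services, adjacent blocks collapsed."""
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in doc["prefixes"]
            if p["region"] == region and p["service"] in services]
    return list(ipaddress.collapse_addresses(nets))

def span(a, b):
    """Smallest single network that contains both a and b."""
    while not b.subnet_of(a):
        a = a.supernet()
    return a

def fit(nets, max_entries):
    """Merge neighbours (cheapest first) until the list fits; return (nets, extra addresses)."""
    if max_entries < 1:
        raise ValueError("max_entries must be at least 1")
    nets = list(ipaddress.collapse_addresses(nets))
    wanted = sum(n.num_addresses for n in nets)
    while len(nets) > max_entries:
        # Cost of a merge = addresses the covering supernet adds beyond the two originals.
        cost, i, cover = min(
            ((span(a, b).num_addresses - a.num_addresses - b.num_addresses, i, span(a, b))
             for i, (a, b) in enumerate(zip(nets, nets[1:]))),
            key=lambda t: t[:2])
        nets[i:i + 2] = [cover]
        nets = list(ipaddress.collapse_addresses(nets))  # drop anything the cover swallowed
    return nets, sum(n.num_addresses for n in nets) - wanted

if __name__ == "__main__":
    exact = select(SAMPLE, "us-east-1", {"S3", "EC2"})
    fitted, extra = fit(exact, max_entries=2)  # max_entries is an assumed limit
    for n in fitted:
        print("permit", n.network_address, n.netmask)
    print("addresses permitted beyond the published ranges:", extra)
```

To use it on the real file, pass a parsed copy of ip-ranges.json as `doc`; the file also carries an `ipv6_prefixes` list, which this example ignores.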