Chapter 5 Setting Up and Managing Shared Profile Components
Downloadable PIX ACLs
5-2
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
This chapter contains the following sections:
Downloadable PIX ACLs, page 5-2
Network Access Restrictions, page 5-6
Command Authorization Sets, page 5-12
Downloadable PIX ACLs
This section includes a description of downloadable PIX ACLs followed by
detailed instructions regarding their configuration and management.
About Downloadable PIX ACLs
Downloadable PIX ACLs enable you to enter an ACL once, in Cisco Secure ACS,
and then load that ACL to any number of PIX Firewalls that authenticate using
the Cisco IOS/PIX protocol. This is far more efficient than directly entering the
ACL into each PIX Firewall via its CLI. No additional configuration of the
PIX Firewall is necessary after it has been configured to undertake authorization
using RADIUS.
The ACL Definitions that you enter into Cisco Secure ACS consist of one or
more PIX ACL commands, with each command on a separate line. Standard RADIUS
Cisco AV-pairs limit you to a maximum of 4 kilobytes of ACLs, whereas
downloadable PIX ACLs can be of unlimited size. When entering ACL definitions
in the ACS HTML interface, do not include keyword and name entries (the leading
access-list keyword and ACL name that you would type at the PIX CLI); in all
other respects, use standard PIX ACL command syntax and semantics. An example
of the format you should use to enter ACL Definitions follows:
permit tcp any host 11.0.0.254
permit udp any host 11.0.0.254
permit icmp any host 11.0.0.254
permit tcp any host 11.0.0.253
See the Command Reference section of your PIX Firewall configuration guide
for detailed ACL definition information.
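The one-command-per-line format above, as an added example that is not from the ACS guide or from Cisco: a small Python checker that rejects lines carrying the access-list keyword and name or malformed addresses, renders the equivalent per-PIX CLI for comparison, and flags definitions that would exceed the 4 KB AV-pair ceiling. The function names and the simplified ACE grammar (ip/tcp/udp/icmp, any | host A | A MASK, optional port qualifier) are my own assumptions.

```python
# Added example, not part of the ACS guide: sanity-check an ACL Definition before
# pasting it into the ACS HTML interface.  Grammar is a simplified subset (assumption).
import ipaddress

ACTIONS, PROTOCOLS = {"permit", "deny"}, {"ip", "tcp", "udp", "icmp"}
PORT_OPS = {"eq", "gt", "lt", "neq", "range"}
AVPAIR_LIMIT = 4096  # the 4 KB ceiling the guide gives for RADIUS Cisco AV-pair ACLs
PAGE_EXAMPLE = ("permit tcp any host 11.0.0.254\npermit udp any host 11.0.0.254\n"
                "permit icmp any host 11.0.0.254\npermit tcp any host 11.0.0.253\n")

def _take_address(tokens, pos):
    """Consume one address spec (any | host A | A MASK); return the index after it."""
    if tokens[pos] == "any":
        return pos + 1
    if tokens[pos] == "host":
        ipaddress.ip_address(tokens[pos + 1])  # raises ValueError on junk
        return pos + 2
    ipaddress.ip_address(tokens[pos]), ipaddress.ip_address(tokens[pos + 1])
    return pos + 2

def check_ace(line):
    """Return None if line is a valid bare PIX ACE, else an error string."""
    tokens = line.split()
    if not tokens:
        return None  # blank lines are ignored
    if tokens[0] == "access-list":
        return "drop the 'access-list' keyword and ACL name; ACS supplies them"
    if tokens[0] not in ACTIONS:
        return f"expected permit/deny, got {tokens[0]!r}"
    if len(tokens) < 2 or tokens[1] not in PROTOCOLS:
        return "expected protocol ip/tcp/udp/icmp after the action"
    try:
        pos = _take_address(tokens, _take_address(tokens, 2))
    except (IndexError, ValueError):
        return "bad source/destination address specification"
    rest = tokens[pos:]  # optional destination port qualifier
    if rest and (rest[0] not in PORT_OPS or len(rest) != (3 if rest[0] == "range" else 2)):
        return f"unexpected trailing tokens: {' '.join(rest)}"
    return None

def check_definition(text):
    """Return [(line_no, error), ...] for every offending line of a definition."""
    return [(n, e) for n, ln in enumerate(text.splitlines(), 1) if (e := check_ace(ln))]

def to_pix_cli(text, acl_name):
    """Render the definition as the per-PIX CLI commands that ACS saves you typing."""
    return [f"access-list {acl_name} {ln.strip()}" for ln in text.splitlines() if ln.strip()]

def exceeds_avpair_limit(text):  # too large for standard RADIUS Cisco AV-pairs
    return len(text.encode()) > AVPAIR_LIMIT
```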