[fw-wiz] Automatic ACL update on Cisco boxes

From: Pierre-Yves Bonnetain (bonnetain_at_acm.org)
Date: 06/11/03

  • Next message: Sloane, David: "RE: [fw-wiz] Backup exec agent in dmz"
    To: firewall-wizards@icsalabs.com
    Date: Wed, 11 Jun 2003 14:42:08 +0200


    We are currently setting up some filtering router (CISCO, IOS 12) for a
    customer. We are looking for some tool (or pack of tools, or magical
    stuff, whatever) that will enable us to dynamically add or remove ACLs
    on the router, depending on some external events.

    Our idea is the following : roaming user Alice connects to a VPN box,
    use as an entry point to our internal network. After authentication, she
    gets an IP address (say, from the box.

    We would then like to update another router's configuration (VPN zone to
    internal net) do add a few 'permit' ACLs for her temporary address, so
    that she will have access to the systems she needs to use (the list is
    hardcoded somewhere, _not_ on her laptop) and those ACLs will be removed
    as soon as she disconnect from the VPN. This way, we do not have
    permanent ACLs, when noone uses the VPN the router has _no_ permits at
    all (well, maybe a few for the Radius stuff and admin tasks -:).

    Do you have any idea/product names doing this kind of stuff ?

    Pierre-Yves Bonnetain
    B&A Consultants - Networks and Computers Security
    Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245
    firewall-wizards mailing list

  • Next message: Sloane, David: "RE: [fw-wiz] Backup exec agent in dmz"