[fw-wiz] Automatic ACL update on Cisco boxes
From: Pierre-Yves Bonnetain (bonnetain_at_acm.org)
To: firstname.lastname@example.org Date: Wed, 11 Jun 2003 14:42:08 +0200
We are currently setting up some filtering router (CISCO, IOS 12) for a
customer. We are looking for some tool (or pack of tools, or magical
stuff, whatever) that will enable us to dynamically add or remove ACLs
on the router, depending on some external events.
Our idea is the following : roaming user Alice connects to a VPN box,
use as an entry point to our internal network. After authentication, she
gets an IP address (say, 192.168.1.1) from the box.
We would then like to update another router's configuration (VPN zone to
internal net) do add a few 'permit' ACLs for her temporary address, so
that she will have access to the systems she needs to use (the list is
hardcoded somewhere, _not_ on her laptop) and those ACLs will be removed
as soon as she disconnect from the VPN. This way, we do not have
permanent ACLs, when noone uses the VPN the router has _no_ permits at
all (well, maybe a few for the Radius stuff and admin tasks -:).
Do you have any idea/product names doing this kind of stuff ?
-- Pierre-Yves Bonnetain B&A Consultants - Networks and Computers Security Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245 _______________________________________________ firewall-wizards mailing list email@example.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards