[fw-wiz] Automatic ACL update on Cisco boxes

From: Pierre-Yves Bonnetain (bonnetain_at_acm.org)
Date: 06/11/03

    To: firewall-wizards@icsalabs.com
    Date: Wed, 11 Jun 2003 14:42:08 +0200
    Hello,

    We are currently setting up a filtering router (Cisco, IOS 12) for a
    customer. We are looking for a tool (or pack of tools, or magical
    stuff, whatever) that will enable us to dynamically add or remove ACLs
    on the router, depending on some external events.

    Our idea is the following: roaming user Alice connects to a VPN box,
    used as an entry point to our internal network. After authentication, she
    gets an IP address (say, 192.168.1.1) from the box.

    We would then like to update another router's configuration (VPN zone to
    internal net) to add a few 'permit' ACLs for her temporary address, so
    that she will have access to the systems she needs to use (the list is
    hardcoded somewhere, _not_ on her laptop), and those ACLs will be removed
    as soon as she disconnects from the VPN. This way, we do not have
    permanent ACLs: when no one uses the VPN the router has _no_ permits at
    all (well, maybe a few for the Radius stuff and admin tasks -:).

    Do you have any ideas/product names for doing this kind of stuff?
    TIA,

    -- 
    Pierre-Yves Bonnetain
    B&A Consultants - Networks and Computers Security
    Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
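
An added example, not part of the original message or of the list archive, of how the event-driven ACL update asked about above could be driven: a small Python controller that consumes RADIUS accounting Start/Stop records from the VPN box and emits the IOS named-ACL commands that add, and later remove, per-session permit entries for the assigned address. It assumes an IOS release whose named ACLs accept per-entry sequence numbers (12.2(15)T / 12.3 and later; not every IOS 12 image has this), and the ACL name VPN-TO-INTERNAL, the per-user host list USER_POLICY, the 10.0.0.x destinations and the sample accounting records are all hypothetical or constructed.

```python
import ipaddress

# Added example, not from the original post.  Assumes IOS named ACLs with
# sequence numbers; ACL name, policy table and hosts are hypothetical.
ACL_NAME = "VPN-TO-INTERNAL"
VPN_POOL = ipaddress.ip_network("192.168.1.0/24")   # addresses the VPN box assigns

# Per-user allow-list, kept on the control host, never on the laptop:
# (protocol, destination host, destination port or None for any port)
USER_POLICY = {
    "alice": [("tcp", "10.0.0.5", 22), ("tcp", "10.0.0.10", 443)],
    "bob":   [("tcp", "10.0.0.10", 443)],
}

# Sequence numbers below SEQ_BASE stay free for the static RADIUS/admin
# permits; each live session owns a block of SEQ_BLOCK numbers above it.
SEQ_BASE, SEQ_BLOCK, MAX_SESSIONS = 1000, 100, 50


class AclController:
    """Tracks live VPN sessions and emits the IOS commands for their ACEs."""

    def __init__(self):
        self.sessions = {}                  # Acct-Session-Id -> (slot, seqs)
        self.free_slots = list(range(MAX_SESSIONS))

    @staticmethod
    def _wrap(ace_lines):
        return (["configure terminal", f"ip access-list extended {ACL_NAME}"]
                + ace_lines + ["exit", "end"])

    def on_start(self, user, ip, session_id):
        """Commands permitting `ip` to reach `user`'s hosts ([] if nothing to do)."""
        if user not in USER_POLICY or session_id in self.sessions:
            return []                       # unknown user, or retransmitted Start
        addr = ipaddress.ip_address(ip)     # ValueError on garbage: nothing unparsed reaches the CLI
        if addr not in VPN_POOL:
            raise ValueError(f"{addr} is outside the VPN pool")
        if not self.free_slots:
            raise RuntimeError("no free ACL slots")
        slot = self.free_slots.pop(0)
        ace_lines, seqs = [], []
        for i, (proto, dst, port) in enumerate(USER_POLICY[user]):
            seq = SEQ_BASE + slot * SEQ_BLOCK + i
            ace = f"{seq} permit {proto} host {addr} host {dst}"
            if port is not None:
                ace += f" eq {port}"
            ace_lines.append(ace)
            seqs.append(seq)
        self.sessions[session_id] = (slot, seqs)
        return self._wrap(ace_lines)

    def on_stop(self, session_id):
        """Commands removing the session's ACEs ([] if the session is unknown)."""
        entry = self.sessions.pop(session_id, None)
        if entry is None:
            return []
        slot, seqs = entry
        self.free_slots.append(slot)
        return self._wrap([f"no {seq}" for seq in seqs])   # 'no <seq>' drops one ACE

    def handle_record(self, record):
        """Dispatch one RADIUS accounting record (dict of attribute -> value)."""
        status = record.get("Acct-Status-Type")
        if status == "Start":
            return self.on_start(record["User-Name"], record["Framed-IP-Address"],
                                 record["Acct-Session-Id"])
        if status == "Stop":
            return self.on_stop(record["Acct-Session-Id"])
        return []                           # Interim-Update etc. change nothing


def parse_detail(text):
    """Parse 'Attribute = value' lines (FreeRADIUS detail-file style) into a dict."""
    rec = {}
    for line in text.splitlines():
        if "=" in line:
            key, val = line.split("=", 1)
            rec[key.strip()] = val.strip().strip('"')
    return rec


# Constructed sample records for Alice's session (not real captures).
SAMPLE_START = """\
Acct-Status-Type = Start
User-Name = "alice"
Framed-IP-Address = 192.168.1.1
Acct-Session-Id = "0000A1B2"
"""
SAMPLE_STOP = """\
Acct-Status-Type = Stop
Acct-Session-Id = "0000A1B2"
"""


def demo():
    """Run Alice's Start then Stop through one controller; returns both command lists."""
    ctl = AclController()
    return (ctl.handle_record(parse_detail(SAMPLE_START)),
            ctl.handle_record(parse_detail(SAMPLE_STOP)))
```

The block only produces the CLI lines; pushing them to the router (a scripted telnet/SSH session under a dedicated AAA account restricted to those commands) is left out. The ACL itself is bound once with `ip access-group VPN-TO-INTERNAL in` on the VPN-facing interface, so the implicit deny at its end covers the idle periods the poster describes. Two practical caveats: the Framed-IP-Address is parsed as an address before it is interpolated into a command, so a malformed accounting attribute cannot smuggle extra CLI into the session; and RADIUS accounting runs over UDP, so a lost Stop leaves a permit in place until something reconciles the controller's session table against the VPN box (on Interim-Update records, or on a timer).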