RE: [fw-wiz] Automatic ACL update on Cisco boxes
From: Ahmed, Balal (balal.ahmed_at_cgey.com)
Date: 06/12/03
- Previous message: Ahmed, Balal: "RE: [fw-wiz] Backup exec agent in dmz"
- Maybe in reply to: Pierre-Yves Bonnetain: "[fw-wiz] Automatic ACL update on Cisco boxes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'bonnetain@acm.org'" <bonnetain@acm.org>, firewall-wizards@icsalabs.com Date: Thu, 12 Jun 2003 10:58:15 +0100
You can do this using downloadable access lists. This is a feature in Cisco
TACACS+ servers. The access lists are held on the tacacs+ server and are
downloaded to The access control point device when the user authenticates.
There is a 90 day evaluation version available from cisco
-----Original Message-----
From: Pierre-Yves Bonnetain [mailto:bonnetain@acm.org]
Sent: 11 June 2003 13:42
To: firewall-wizards@icsalabs.com
Subject: [fw-wiz] Automatic ACL update on Cisco boxes
Hello,
We are currently setting up some filtering router (CISCO, IOS 12) for a
customer. We are looking for some tool (or pack of tools, or magical
stuff, whatever) that will enable us to dynamically add or remove ACLs
on the router, depending on some external events.
Our idea is the following : roaming user Alice connects to a VPN box,
use as an entry point to our internal network. After authentication, she
gets an IP address (say, 192.168.1.1) from the box.
We would then like to update another router's configuration (VPN zone to
internal net) do add a few 'permit' ACLs for her temporary address, so
that she will have access to the systems she needs to use (the list is
hardcoded somewhere, _not_ on her laptop) and those ACLs will be removed
as soon as she disconnect from the VPN. This way, we do not have
permanent ACLs, when noone uses the VPN the router has _no_ permits at
all (well, maybe a few for the Radius stuff and admin tasks -:).
Do you have any idea/product names doing this kind of stuff ?
Tia,
-- Pierre-Yves Bonnetain B&A Consultants - Networks and Computers Security Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245 _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ******************************************************************************************** " This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst & Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message ". ******************************************************************************************** _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Ahmed, Balal: "RE: [fw-wiz] Backup exec agent in dmz"
- Maybe in reply to: Pierre-Yves Bonnetain: "[fw-wiz] Automatic ACL update on Cisco boxes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
