RE: [fw-wiz] Authentication on PIX.

From: Pete Capelli (pcapelli_at_nsec.net)
Date: 09/10/03

    To: "Melson, Paul" <PMelson@sequoianet.com>, "Firewall Wizards List" <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 10 Sep 2003 10:18:23 -0400
    
    

    I believe the ACLs can overlap; the problem is that no ACS user can be a
    member of more than one group (in the current revision of ACS).

    -pete

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Melson,
    Paul
    Sent: Monday, September 08, 2003 4:53 PM
    To: Firewall Wizards List
    Subject: RE: [fw-wiz] Authentication on PIX.

    Yes, but this [apparently] requires using Cisco Secure ACS (Access Control
    Server) as the RADIUS server.

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm#1137235

    If memory serves, the one caveat is that the group access-lists can't
    overlap.

    PaulM

    > -----Original Message-----
    > I need to enable authentication on the PIX515 for multiple user groups,
    > each group having access to a pre-defined set of services. A user can be
    > part of more than one group.
    >
    > Can this be done on a PIX with Radius authentication?
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


