Firewall Wizards mailing list archives
RE: Automatic ACL update on Cisco boxes
From: "Ahmed, Balal" <balal.ahmed () cgey com>
Date: Thu, 12 Jun 2003 10:58:15 +0100
You can do this using downloadable access lists. This is a feature in Cisco TACACS+ servers. The access lists are held on the tacacs+ server and are downloaded to The access control point device when the user authenticates. There is a 90 day evaluation version available from cisco -----Original Message----- From: Pierre-Yves Bonnetain [mailto:bonnetain () acm org] Sent: 11 June 2003 13:42 To: firewall-wizards () icsalabs com Subject: [fw-wiz] Automatic ACL update on Cisco boxes Hello, We are currently setting up some filtering router (CISCO, IOS 12) for a customer. We are looking for some tool (or pack of tools, or magical stuff, whatever) that will enable us to dynamically add or remove ACLs on the router, depending on some external events. Our idea is the following : roaming user Alice connects to a VPN box, use as an entry point to our internal network. After authentication, she gets an IP address (say, 192.168.1.1) from the box. We would then like to update another router's configuration (VPN zone to internal net) do add a few 'permit' ACLs for her temporary address, so that she will have access to the systems she needs to use (the list is hardcoded somewhere, _not_ on her laptop) and those ACLs will be removed as soon as she disconnect from the VPN. This way, we do not have permanent ACLs, when noone uses the VPN the router has _no_ permits at all (well, maybe a few for the Radius stuff and admin tasks -:). Do you have any idea/product names doing this kind of stuff ? Tia, -- Pierre-Yves Bonnetain B&A Consultants - Networks and Computers Security Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ******************************************************************************************** " This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst & Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message ". ******************************************************************************************** _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Automatic ACL update on Cisco boxes Pierre-Yves Bonnetain (Jun 11)
- RE: Automatic ACL update on Cisco boxes Ben Nagy (Jun 13)
- <Possible follow-ups>
- RE: Automatic ACL update on Cisco boxes Ahmed, Balal (Jun 13)