Downloadable Pix Acl Configuration; Adding A Downloadable Pix Acl - Cisco Servers User Manual

Chapter 5 Setting Up and Managing Shared Profile Components

Downloadable PIX ACL Configuration

Adding a Downloadable PIX ACL

Step 1
Step 2
Step 3
Step 4
78-13751-01, Version 3.0
ACLs entered into the Cisco Secure ACS are protected by whatever backup or
replication regime you have established for the Cisco Secure ACS. After you
configure an ACL as a named shared profile component, you can include that
ACL in any Cisco Secure ACS user, or user group, profile. When
Cisco Secure ACS returns an attribute with a named ACL as part of a user's
session RADIUS access accept packet, the PIX Firewall applies that ACL to that
user's session. Cisco Secure ACS employs a versioning stamp for ensuring that
the PIX Firewall has cached the latest ACL version. If a PIX Firewall responds
that it does not have the current version of the named ACL in its cache (that is,
the ACL is new or has changed), Cisco Secure ACS automatically uploads the
ACL update to the PIX Firewall cache.
After you configure a downloadable PIX ACL, it can be applied against any
number of single users or user groups.
This section contains the following procedures:
Adding a Downloadable PIX ACL, page 5-3
•
• Editing a Downloadable PIX ACL, page 5-4
Deleting a Downloadable PIX ACL, page 5-5
•
To add a downloadable PIX ACL, follow these steps:
In the navigation bar, click Shared Profile Components.
Result: The Shared Profile Components page appears.
Click Downloadable PIX ACLs.
Click Add.
Result: The Downloadable PIX ACLs page appears.
In the Name: box, type the name of the new PIX ACL.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Downloadable PIX ACLs
5-3