johanm User |
| Location: Mariehamn | Country: Finland | Web: http://www.birkaline.com |
Match an access-list in Cisco PIX to Radius users
I have a couple of Cisco PIX 515E firewalls, and I have users connecting with VPN Clients to the PIX firewalls, and they are authenticated by a RadTac Radius server.
I want to restrict users from accessing certain IP addresses (servers) on the inside, and this could be done by making an access-list, and then the access-list has an acc-id that is matched against the Radius server.
If I had a Cisco Secure ACS server then it would be built into the program, because from what I understand from reading the PIX reference manual, Cisco Secure ACS extracts the ACL ID from the access-list and makes a match against the user/group policies in the Radius server.
So my question is, can this be done by the RadTac server?
I'll attach the link to the PIX Command Reference where it talks about this.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1067755
Then go down to "RADIUS Authorization"; there you can find the same thing I describe above.
Rgds
Johan Mannerstrom