Chapter 5 Setting Up and Managing Shared Profile Components
Downloadable PIX ACLs
5-2
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
This chapter contains the following sections:
Downloadable PIX ACLs, page 5-2
Network Access Restrictions, page 5-6
Command Authorization Sets, page 5-12
Downloadable PIX ACLs
This section includes a description of downloadable PIX ACLs followed by
detailed instructions regarding their configuration and management.

About Downloadable PIX ACLs

Downloadable PIX ACLs enable you to enter an ACL once, in CiscoSecure ACS,
and then load that ACL to any number of PIX Firewalls that authenticate using
the Cisco IOS/PIX protocol. This is far more efficient than directly entering the
ACL into each PIX Firewall via its CLI. No additional configuration of the
PIX Firewall is necessary after it has been configured to undertake authorization
using RADIUS.
The ACL definitions that you enter into CiscoSecure ACS consist of one or
more PIX ACL commands, with each command on a separate line. Using standard
RADIUS Cisco AV-pairs permits you to enter a maximum of 4 kilobytes of ACLs,
whereas downloadable PIX ACLs can be of unlimited size. When entering the
ACL definitions in the ACS HTML interface, do not use keyword and name
entries; in all other respects, use standard PIX ACL command syntax and
semantics. An example of the format you should use to enter ACL definitions
follows:
permit tcp any host 11.0.0.254
permit udp any host 11.0.0.254
permit icmp any host 11.0.0.254
permit tcp any host 11.0.0.253
See the Command Reference section of your PIX Firewall configuration guide
for detailed ACL definition information.
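As an added illustration (not part of the Cisco guide and not ACS or PIX code), the following Python script checks a pasted ACL definition against the format rules described above: one PIX ACL command per line, no leading keyword-and-name entry (that is, no "access-list <name>" prefix), and standard permit/deny syntax otherwise. It also reports whether the same text would exceed the 4-kilobyte budget that standard AV-pairs allow. The address forms (any, host A.B.C.D, A.B.C.D MASK), the port operators and the 4096-byte figure are assumptions drawn from PIX 6.x syntax and the text; ICMP message types and named objects are not handled.

```python
"""Validate a downloadable PIX ACL definition in the one-command-per-line
format that Cisco Secure ACS expects. Added example; not Cisco's code."""
import ipaddress

ACTIONS = {"permit", "deny"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
PORT_OPS = {"eq", "gt", "lt", "neq"}          # assumed PIX 6.x port operators
AVPAIR_LIMIT_BYTES = 4 * 1024                  # 4 KB AV-pair ceiling cited in the guide

# Constructed sample: the four lines shown in the guide's example.
SAMPLE_DEFINITION = """\
permit tcp any host 11.0.0.254
permit udp any host 11.0.0.254
permit icmp any host 11.0.0.254
permit tcp any host 11.0.0.253
"""


class AclFormatError(ValueError):
    """Raised when a line does not follow the expected ACS definition format."""


def _parse_address(tokens, pos):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    tok = tokens[pos]
    if tok == "any":
        return "any", pos + 1
    if tok == "host":
        return f"host {ipaddress.IPv4Address(tokens[pos + 1])}", pos + 2
    net = ipaddress.IPv4Network((tokens[pos], tokens[pos + 1]), strict=False)
    return str(net), pos + 2


def _parse_ports(tokens, pos):
    """Consume an optional port qualifier: OP PORT or 'range LO HI'."""
    if pos < len(tokens) and tokens[pos] in PORT_OPS:
        return f"{tokens[pos]} {int(tokens[pos + 1])}", pos + 2
    if pos < len(tokens) and tokens[pos] == "range":
        return f"range {int(tokens[pos + 1])} {int(tokens[pos + 2])}", pos + 3
    return None, pos


def parse_acl_line(line, lineno=0):
    """Parse one definition line into a dict; blank lines return None."""
    tokens = line.split()
    if not tokens:
        return None
    if tokens[0].lower() == "access-list":
        # The guide says keyword and name entries must be omitted in ACS.
        raise AclFormatError(f"line {lineno}: omit the 'access-list <name>' keyword")
    if len(tokens) < 4:
        raise AclFormatError(f"line {lineno}: too few fields")
    action, proto = tokens[0].lower(), tokens[1].lower()
    if action not in ACTIONS:
        raise AclFormatError(f"line {lineno}: action must be permit or deny")
    if proto not in PROTOCOLS and not proto.isdigit():
        raise AclFormatError(f"line {lineno}: unknown protocol {proto!r}")
    try:
        src, pos = _parse_address(tokens, 2)
        sport, pos = _parse_ports(tokens, pos) if proto in ("tcp", "udp") else (None, pos)
        dst, pos = _parse_address(tokens, pos)
        dport, pos = _parse_ports(tokens, pos) if proto in ("tcp", "udp") else (None, pos)
    except (IndexError, ValueError) as exc:
        raise AclFormatError(f"line {lineno}: malformed address or port ({exc})") from None
    if pos != len(tokens):
        raise AclFormatError(f"line {lineno}: unexpected trailing tokens {tokens[pos:]}")
    return {"action": action, "protocol": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


def validate_definition(text):
    """Parse a whole definition; raises AclFormatError on the first bad line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = parse_acl_line(raw, lineno)
        if entry:
            entries.append(entry)
    return entries


def first_format_error(text):
    """Return the first format error message, or None if the text is clean."""
    try:
        validate_definition(text)
    except AclFormatError as exc:
        return str(exc)
    return None


def exceeds_avpair_limit(text):
    """True if this ACL text would not fit in the 4 KB standard AV-pair budget."""
    return len(text.encode("ascii")) > AVPAIR_LIMIT_BYTES


if __name__ == "__main__":
    for entry in validate_definition(SAMPLE_DEFINITION):
        print(entry)
    print("fits in AV-pair budget:", not exceeds_avpair_limit(SAMPLE_DEFINITION))
    print(first_format_error("access-list acs1 permit ip any any"))
```

Run it on a definition before pasting it into the ACS HTML interface; a non-empty result from first_format_error points at the offending line, and exceeds_avpair_limit shows when the ACL has outgrown what the AV-pair method could carry, which is exactly the case downloadable PIX ACLs are meant for.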