Cisco Systems Servers User Guide

Chapter 5      Setting Up and Managing Shared Profile Components
Downloadable PIX ACLs
5-2
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
This chapter contains the following sections:
Downloadable PIX ACLs
This section includes a description of downloadable PIX ACLs followed by 
detailed instructions regarding their configuration and management.
About Downloadable PIX ACLs
Downloadable PIX ACLs enable you to enter an ACL once, in Cisco Secure ACS, 
and then load that ACL to any number of PIX Firewalls that authenticate using 
the Cisco IOS/PIX protocol. This is far more efficient than directly entering the 
ACL into each PIX Firewall via its CLI. No additional configuration of the 
PIX Firewall is necessary after it has been configured to undertake authorization 
using RADIUS.
The ACL definitions that you enter into Cisco Secure ACS consist of one or 
more PIX ACL commands, with each command on a separate line. Using standard 
RADIUS Cisco AV-pairs limits you to a maximum of 4 kilobytes of ACLs, 
whereas downloadable PIX ACLs can be of unlimited size. When entering the 
ACL definitions in the ACS HTML interface, do not include the keyword and name 
entries; in all other respects, use standard PIX ACL command syntax and 
semantics. An example of the format you should use to enter ACL definitions 
follows:
permit tcp any host 11.0.0.254
permit udp any host 11.0.0.254
permit icmp any host 11.0.0.254
permit tcp any host 11.0.0.253
See the “Command Reference” section of your PIX Firewall configuration guide 
for detailed ACL definition information.