Re: [OSL | CCIE_Security] auth-Proxy access-list

[HA Ali]

you put ACL on User or group ?

From: walleed...@hotmail.com
To: kingsley.char...@gmail.com
Date: Wed, 8 Feb 2012 22:05:00 +0000
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] auth-Proxy access-list







I tried that , what happen is , the authentication and authorization success , 
but not install any thing in the access list on interface , so it is like must 
configure any any access-list for auth-proxy to work 

Date: Wed, 8 Feb 2012 16:11:13 +0530
Subject: Re: [OSL | CCIE_Security] auth-Proxy access-list
From: kingsley.char...@gmail.com
To: walleed...@hotmail.com
CC: ccie_security@onlinestudylist.com

Never tried that.

Can you try the following:

priv-lvl=15proxyacl#1=permit icmp 10.20.30.0 0.0.0.255 anyproxyacl#2=permit tcp 
10.20.30.0 0.0.0.255anyproxyacl#3=permit udp 10.20.30.0 0.0.0.255 any




With regards
Kings

On Wed, Feb 8, 2012 at 10:40 AM, waleed ' <walleed...@hotmail.com> wrote:





I configured auth-proxy with this access-list for user 
:priv-lvl=15proxyacl#1=permit icmp any anyproxyacl#2=permit tcp any 
anyproxyacl#3=permit udp any any

but when the user authinticate , the downloaded ACL is:Extended IP access list 
102     permit icmp host 10.10.10.200 any     permit tcp host 10.10.10.200 any  
   permit udp host 10.10.10.200 any
    10 deny ip any any (378 matches)

so it is install entries only for the authenticated host , can we make it open 
for the whole subnet or let it the router install them as any any 


Regards                                           

_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

                                          

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com