Hi,

> I have yet to get user/groups downloadable ACLs to work. I don't even
> know if it is possible.
>
> But I do have user DACLs working, the following syntax works,
>
> username Auth-Type := Local, Password == 'password'
>     Cisco-AVPair := "ip:inacl#1=permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0"
>
> the src is the local protected network, the dst is the vpn client network.
>
> Please let the list know if you get the groups working or find
> out any news about the PIX and ACLs.

Okay.... But from what I understand, the DACLs on the PIX are related to split tunnelling (at least that is what the access-list/group parameter on the vpngroup command is being used for) - so I don't really know if Radius or Tacacs+ will help me - because I need to restrict access for a certain group to a single host in the DMZ - and split tunnelling should be disabled at the same time.

Anyway, thanks for the input...

/Brian
