Greetings. I have a 'DMZ' where I have installed an NT RAS box for dial-in. I have on the internal network an ACS server doing auth for the PIX. I have defined two groups of users on the ACS, general and admin. The general users should only be able to access two ports into the internal network and the admin must be able to access everything on the internal network.
What AAA commands should I put on the PIX to be able to get the two groups to get different auth for the different network services that they will use? All users will be required to auth to the NT box and the PIX [using a browser or telnet] before doing anything on the internal network.

Thanks in advance.

Langa