[c-nsp] Downloadable ACL PIX-VPN concentrator

Massucco Emanuele E.Massucco at datasiel.net
Mon Mar 21 05:54:43 EST 2005


Hi everyone,

I've got a nice question.
I use a Cisco ACS server to authenticate my VPN client connections.
I use a PIX 515 to terminate tunnels with a service provider and a VPN
Concentrator 3030 to terminate tunnels on another provider.
The Cisco ACS server passes IP downloadable ACLs to users in order to control
their access policy.
Of course I aim to use the same user for authentication on both the PIX and
the VPN concentrator.

The problem is that the PIX uses ACLs defined as: net_address subnet_mask
(10.10.10.0 255.255.255.0)
while the VPN concentrator uses: net_address subnet_wildcard
(10.10.10.0 0.0.0.255)

Has anyone ever had this problem?
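An added example, not part of the original post: one way to keep a single source ACL and derive the other device's form is to invert only the mask field of each address/mask pair, refusing any mask that is not valid in the stated source format, so that a line already in the wrong form fails loudly instead of yielding a different policy. The function names and sample ACL lines are constructed for illustration, and the line syntax is assumed to follow the usual `permit`/`deny` ACL keywords.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _is_quad(token: str) -> bool:
    """True if the token parses as a dotted-quad IPv4 value."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def _is_netmask(value: int) -> bool:
    """True if the 32-bit value is contiguous ones followed by zeros."""
    inverted = value ^ ALL_ONES
    return (inverted & (inverted + 1)) == 0

def invert_mask(quad: str, source_is_netmask: bool) -> str:
    """Convert netmask <-> wildcard, rejecting masks invalid for the source form.
    Note: 0.0.0.0 and 255.255.255.255 are valid in both forms and cannot be
    told apart, so the caller must know which format the source line uses."""
    value = int(ipaddress.IPv4Address(quad))
    as_netmask = value if source_is_netmask else value ^ ALL_ONES
    if not _is_netmask(as_netmask):
        kind = "subnet mask" if source_is_netmask else "wildcard mask"
        raise ValueError(f"{quad} is not a contiguous {kind}")
    return str(ipaddress.IPv4Address(value ^ ALL_ONES))

def convert_line(line: str, to_wildcard: bool) -> str:
    """Rewrite one ACL line; 'any' and 'host <addr>' pass through unchanged."""
    tokens, out, i = line.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "host" and i + 1 < len(tokens):
            out += tokens[i:i + 2]          # host address carries no mask
            i += 2
        elif (_is_quad(tokens[i]) and i + 1 < len(tokens)
              and _is_quad(tokens[i + 1])):
            out += [tokens[i], invert_mask(tokens[i + 1], to_wildcard)]
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return " ".join(out)

if __name__ == "__main__":
    # Constructed sample lines in subnet-mask form.
    for acl in ("permit ip any 10.10.10.0 255.255.255.0",
                "permit tcp any host 10.10.20.5 eq 443",
                "deny ip any any"):
        print(convert_line(acl, to_wildcard=True))
```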



