Chapter 10. Configuring Shared Profile Components

In this chapter, you learn the following topics:

  • Downloadable ACLs

  • Network Access Restrictions

  • Configuring Network Access Restrictions

  • Command authorization sets

  • Troubleshooting extended configurations

  • Common issues of network access restrictions

  • The importance of documentation

In Access Control Server (ACS), Shared Profile Components consist of downloadable IP access control lists (ACLs), Network Access Restrictions (NARs), and command authorization sets for both shell commands and PIX shell commands. These components can be more difficult to configure and maintain than the rest of the ACS configuration because of their complexity. This chapter takes a more detailed look at the configuration and management of these components than the examples seen in other chapters.

To begin this chapter, we look at downloadable IP ACLs: specifically, how to configure them and how to apply them to a PIX Firewall. After configuring downloadable ACLs, you then look at the workings of NARs, which let you configure policy based on the entry point into the network. Finally, command authorization sets are discussed to help you better understand and control administrative access to the command-line interface (CLI) of PIX Firewalls and Cisco IOS routers in your network.

Figure 10-1 illustrates the common topology used for all examples in this chapter. As you can see, the topology used here is the same as the topology used in previous chapters, with a few devices added to the network. Two perimeter routers sit at the forefront of this sample network. These routers are named "Perimeter Router 1" and "Perimeter Router 2." Inside the perimeter routers sit two PIX Firewalls, "Pixfirewall 1" and "Pixfirewall 2," and inside the PIX Firewalls sits a private network with multiple users and ACS.

Figure 10-1. Common Topology


The examples in this chapter using this topology have been configured according to a policy that states that users who access the Internet through Pixfirewall 1 and Pixfirewall 2 are to be authenticated and have an ACL applied that enforces their restrictions. Users accessing the routers for administrative purposes are restricted to certain devices based on whether they enter through Pixfirewall 1 or Pixfirewall 2. Finally, command authorization is configured on both PIX Firewalls and the perimeter routers to control administrative access.
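The device-side configuration that the policy above requires, shown here as an added example that is not from the book: a PIX Firewall that authenticates outbound users against ACS over RADIUS (which is how the ACL that ACS holds for the user is downloaded and applied), and a perimeter router that sends its administrative logins and every privileged command to ACS over TACACS+ for command authorization. The ACS address 10.1.1.5, the shared secrets, the server-group names, and the ACL contents are assumptions; the NAR that restricts which routers an administrator may reach based on entry point lives in ACS itself, not in the device configuration, so it does not appear here. Comment lines use the IOS `!` convention.

```cisco
! --- Pixfirewall 1 (PIX 6.x syntax) ---
! ACS is reached on the inside interface; RADIUS carries the downloadable ACL,
! TACACS+ carries administrative authentication and command authorization.
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.1.1.5 RADIUS_SECRET_PLACEHOLDER timeout 10
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.1.1.5 TACACS_SECRET_PLACEHOLDER timeout 10
! Every user leaving through the outside interface must authenticate first;
! on success the PIX applies the per-user ACL that ACS returns.
aaa authentication include any outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 RADIUS
! Administrative access to the PIX itself goes through ACS as well.
aaa authentication telnet console TACACS+
aaa authentication enable console TACACS+
aaa authorization command TACACS+

! --- Downloadable ACL stored in ACS (standard ACE syntax, assumed contents) ---
! Attached to the user or group in ACS; the PIX receives it after authentication.
permit tcp any any eq www
permit tcp any any eq 443
permit udp any any eq domain
deny ip any any

! --- Perimeter Router 1 (Cisco IOS) ---
aaa new-model
tacacs-server host 10.1.1.5 key TACACS_SECRET_PLACEHOLDER
! Logins and EXEC shells are authorized by ACS, with the local database only as
! a fallback for when ACS is unreachable.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Each privilege-15 command is checked against the command authorization set
! assigned to the administrator in ACS before the router executes it.
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
line vty 0 4
 login authentication default
 authorization exec default
 authorization commands 15 default
```

Two points are worth checking once this is in place: the `local` fallback in the IOS method lists means an administrator can still log in if ACS is down, so the local accounts must exist and be protected; and the `deny ip any any` at the end of the downloadable ACL is what makes the user's restrictions effective, since without it anything the earlier lines do not mention is simply passed.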


Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
Year: 2006
Pages: 173