Firewall Wizards mailing list archives

Automatic ACL update on Cisco boxes


From: Pierre-Yves Bonnetain <bonnetain () acm org>
Date: Wed, 11 Jun 2003 14:42:08 +0200

Hello,

We are currently setting up some filtering router (CISCO, IOS 12) for a customer. We are looking for some tool (or pack of tools, or magical stuff, whatever) that will enable us to dynamically add or remove ACLs on the router, depending on some external events.

Our idea is the following: roaming user Alice connects to a VPN box, used as an entry point to our internal network. After authentication, she gets an IP address (say, 192.168.1.1) from the box.

We would then like to update another router's configuration (VPN zone to internal net) to add a few 'permit' ACLs for her temporary address, so that she will have access to the systems she needs to use (the list is hardcoded somewhere, _not_ on her laptop) and those ACLs will be removed as soon as she disconnects from the VPN. This way, we do not have permanent ACLs; when no one uses the VPN, the router has _no_ permits at all (well, maybe a few for the Radius stuff and admin tasks -:).

Do you have any idea/product names doing this kind of stuff?
Tia,

--
Pierre-Yves Bonnetain
B&A Consultants - Networks and Computers Security
Phone : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
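
The scheme described in the message above, sketched as an added example that is not part of the original post: a generator that renders the IOS lines to add on VPN connect and the matching `no` lines on disconnect. The ACL name, the policy table, the internal addresses and the class name are all assumptions; a named extended ACL is used so single entries can be removed, and pushing the lines to the router is left out.

```python
import ipaddress

ACL_NAME = "VPN-TO-INTERNAL"  # assumed name of a named extended ACL on the inner router

# Constructed sample policy, kept on the management host (not on the laptop):
# user -> list of (protocol, internal host, destination port).
POLICY = {
    "alice": [("tcp", "10.1.0.10", 22), ("tcp", "10.1.0.20", 443)],
}


class SessionAcls:
    """Render IOS config lines for per-session permits and remember them."""

    def __init__(self, policy):
        self.policy = policy
        self.installed = {}  # client IP -> entries rendered for that session

    def connect(self, user, client_ip):
        # Parse the address so a malformed event cannot inject config text.
        src = ipaddress.IPv4Address(client_ip)
        if str(src) in self.installed:
            raise RuntimeError(f"{src} already has an active session")
        entries = [
            f"permit {proto} host {src} host {ipaddress.IPv4Address(dst)} eq {int(port)}"
            for proto, dst, port in self.policy.get(user, [])  # unknown user: no permits
        ]
        if not entries:
            return []
        self.installed[str(src)] = entries
        return [f"ip access-list extended {ACL_NAME}"] + [f" {e}" for e in entries]

    def disconnect(self, client_ip):
        # Remove exactly what was installed, even if the policy changed meanwhile.
        entries = self.installed.pop(str(ipaddress.IPv4Address(client_ip)), [])
        if not entries:
            return []
        return [f"ip access-list extended {ACL_NAME}"] + [f" no {e}" for e in entries]


if __name__ == "__main__":
    acls = SessionAcls(POLICY)
    print("\n".join(acls.connect("alice", "192.168.1.1")))
    print("\n".join(acls.disconnect("192.168.1.1")))
```
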

