Implementing AAA for inside interface users

Unanswered Question
Mar 28th, 2008

Hi all,

I recently implemented Downloadable Access Lists for VPN users in our Cisco PIX & IAS (Internet Authentication Service). We have an AD domain, VPN users are authenticating against AD Integrated IAS and according to windows group membership, they get their ACLs that are defined in AV Pairs.Works great.

Now I want to implement AAA for our inside interface clients, achieve results similar to above. Want to restrict traffic flow by Active Directory Users or Active Directory Groups. To remind, not for VPN users!, want to implement for users located in inside interface accessing resources on outside or DMZ interface.

The question is, is IAS alone enough? Or should I install TACACS and disable IAS? Or should I implement CSACS?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Thu, 04/03/2008 - 07:02

By default connection from inside hosts are monitored when it goes out. But if you want it for specific protocol use Fixup command on the PIX.


This Discussion