ASA authentication via Active Directory

Unanswered Question
Feb 9th, 2009

Hello friends,

Our network consists of 300 client PCs having internet access, and almost all of them are joined to the Active Directory domain; I am not sure about it. Now the problem is that I want to create authentication on the ASA so that any PC which is not joined to the domain will not have internet access, meaning it should ask for domain user credentials.

PCs already joined to the domain can have internet access directly without being asked for any credentials. How can I do this on the ASA?

Please, any help will be highly appreciated.

Elly Bornstein Tue, 02/10/2009 - 10:50

802.1x is a good option to implement here. Basically, it has all the switchports in your network become authenticated ports, where if you want to connect to the network, you need to first authenticate to a RADIUS server. This also allows non-authenticated users to join a special guest VLAN where you can control what they have access to.

I believe there is a way to make RADIUS and Active Directory coincide.

This is not an ASA solution; this is an access layer solution.

Abdul Samir Shaikh Tue, 02/10/2009 - 11:11

Thanks for the reply. Actually, I want to bring up an authenticated layer in my network. Where does 802.1x come from? I just want that any client not joined to the domain should not have internet access.

mmacdonald70 Sun, 03/08/2009 - 06:49

You might be able to get some of the functions that you want with cut-through proxy:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

This will allow users to authenticate for HTTP, HTTPS, FTP and Telnet against a RADIUS server, which can be set up to use Active Directory. There are proxy solutions out there that will allow a Windows AD user to use an existing Active Directory session, but as far as I know the ASA is not one of them.
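A sketch of the cut-through proxy setup described in the reply above, added here as an illustration and not taken from the thread or from the linked Cisco document. The server-group name `AD_RADIUS`, the ACL name `INET_AUTH`, the interface name `inside`, the address 192.0.2.10 and the timeout value are assumptions; the RADIUS server is assumed to validate credentials against Active Directory.

```cisco
! Constructed example: all names, addresses and timers are placeholders.

! RADIUS server group; the RADIUS server is assumed to be backed by Active Directory
aaa-server AD_RADIUS protocol radius
aaa-server AD_RADIUS (inside) host 192.0.2.10
 key <shared-secret>

! Traffic that must authenticate before the ASA forwards it
access-list INET_AUTH extended permit tcp any any eq www
access-list INET_AUTH extended permit tcp any any eq https

! Cut-through proxy: challenge users on the inside interface for matching traffic
aaa authentication match INET_AUTH inside AD_RADIUS

! Weak default: without the next line, credentials entered at the HTTP prompt
! travel from the client to the ASA in clear text.
! Corrected: have the ASA collect the username and password over HTTPS.
aaa authentication secure-http-client

! Require re-authentication after a fixed period instead of caching indefinitely
timeout uauth 0:30:00 absolute

! Text shown in the login prompt
auth-prompt prompt Enter your domain credentials for internet access
```

Cut-through proxy authenticates the user, not the machine, so with this configuration domain-joined PCs are prompted as well; it does not by itself distinguish joined from non-joined clients.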
