ASA web proxy?

Unanswered Question
Mar 6th, 2009

Does anyone know if the ASA has a built in web proxy like competing products? Basically, I want to proxy all internal users and authenticate them against Active Directory. Based upon their group permissions, I want to be able to configure what kinds of websites they can gain access to.

If the product can't do this - will it at least allow me to authenticate users for access to the internet? Anything else I can configure to limit what access they have?



I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Fri, 03/06/2009 - 10:02

AFAIK the ASA will not work like that, however you might be able to configure it somehow like that.

Using DAP and cut-through proxy, you can choose a list of access-lists that will be pushed to the user based on their group membership after they authenticate.

Using LDAP as the authentication protocol and retrieving the LDAP attributes like memberOf you can use DAP to enforce this kind of network ACL where you can chose what remote destination will this user be able to reach, unfortunately this is not as granular as defining the NAMES of your sites rather your IP Addresses.



This Discussion