I have a Cisco ASA 5505 device connecting my LAN to the internet using PAT/NAT. I want to restrict access to the internet on ports 80 and 443 on a per user basis.
I.e. allow management staff access whilst restricting general staff.
I understand how to do this on a per-device level by creating an access list blocking certain IPs out to the internet, but I would like to restrict certain users.
I guess they will need to authenticate with the ASA somehow.
You need to set up cut-through proxy on the ASA.
Here is the configuration which we need to add on the ASA:
! Traffic that must be authenticated before it is allowed through
access-list WEBAUTH permit tcp any any eq 80
access-list WEBAUTH permit tcp any any eq 443
! Require authentication (against the local user database) for traffic matching WEBAUTH arriving on inside
aaa authentication match WEBAUTH inside LOCAL
! Force the login page to be served over HTTPS so credentials are not sent in the clear
aaa authentication secure-http-client
! Intercept the user's first HTTP/HTTPS request and redirect it to the ASA login page
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect
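A fuller worked configuration, as an added example that is not part of the original answer: it combines the cut-through proxy lines above with local accounts for the staff who are allowed out, scopes the ACL to the LAN subnet, and adds the commands used to verify and expire sessions. The interface name `inside`, the subnet 192.168.1.0/24, the usernames and the password placeholders are assumptions.

```cisco
! --- Local accounts for staff who are allowed to browse (assumed names) ---
! privilege 0 so these accounts cannot manage the ASA itself
username mgr1 password REPLACE_WITH_STRONG_PASSWORD privilege 0
username mgr2 password REPLACE_WITH_STRONG_PASSWORD privilege 0
! Lock an account after repeated bad logins
aaa local authentication attempts max-fail 5

! --- Traffic that requires authentication (assumed LAN 192.168.1.0/24) ---
access-list WEBAUTH extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list WEBAUTH extended permit tcp 192.168.1.0 255.255.255.0 any eq https

! --- Cut-through proxy ---
! Users without a local account never pass this check, so general staff
! are blocked on 80/443 while other ports are unaffected by this rule
aaa authentication match WEBAUTH inside LOCAL
aaa authentication secure-http-client
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect

! --- Session lifetime: re-authenticate after 30 minutes regardless of activity ---
timeout uauth 0:30:00 absolute

! --- Verification from enable mode (not part of the running config) ---
! show uauth            -> lists authenticated users and their source IPs
! clear uauth           -> forces every user to log in again
```

Because the proxy keys the session to the client's source IP, a shared or spoofed address inherits an authenticated user's access until `timeout uauth` expires or `clear uauth` is run.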
Do rate helpful posts