04-05-2009 12:28 PM - edited 03-10-2019 04:25 PM
Hello All,
I have a Cisco ASA 5505 device connecting my LAN to the internet using PAT/NAT. I want to restrict access to the internet on ports 80 and 443 on a per user basis.
I.e. allow management staff access whilst restricting general staff.
I understand how to do this on a per device level by creating an access list blocking certain IPs out to the internet but I would like to restrict certain users.
I guess they will need to authenticate with the ASA somehow.
Any pointers?
TIA.
04-06-2009 12:51 PM
You need to set up Cut through proxy in ASA.
Here is the configuration which we need to add on ASA:-
access-list WEBAUTH permit tcp any any eq 80
access-list WEBAUTH permit tcp any any eq 443
aaa authentication match WEBAUTH inside LOCAL
aaa authentication secure-http-client
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1043431
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1437427
Regards,
~JG
Do rate helpful posts
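An added example, not part of the original reply and not Cisco tooling: a small Python check that a saved ASA configuration contains the pieces of the cut-through proxy setup from the answer above and that they reference each other consistently. The function name, the wording of the findings and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the answer's commands as they could appear in a saved config.
SAMPLE_CONFIG = """\
access-list WEBAUTH permit tcp any any eq 80
access-list WEBAUTH permit tcp any any eq 443
aaa authentication match WEBAUTH inside LOCAL
aaa authentication secure-http-client
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect
"""

# The ASA may display well-known ports by name, so accept both spellings.
PORT_NAMES = {"80": "http", "www": "http", "443": "https", "https": "https"}

def audit_cut_through_proxy(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    matches = [re.match(r"aaa authentication match (\S+) (\S+) (\S+)$", l) for l in lines]
    matches = [m for m in matches if m]
    if not matches:
        return ["no 'aaa authentication match' rule: nobody is prompted to authenticate"]
    if "aaa authentication secure-http-client" not in lines:
        findings.append("secure-http-client missing: web logins are not protected by SSL")
    for m in matches:
        acl, iface, _server = m.groups()
        # Collect the web protocols that the match ACL actually permits.
        covered = set()
        for l in lines:
            ace = re.match(rf"access-list {re.escape(acl)} (?:extended )?permit tcp .* eq (\S+)$", l)
            if ace and ace.group(1) in PORT_NAMES:
                covered.add(PORT_NAMES[ace.group(1)])
        for proto in ("http", "https"):
            listener = rf"aaa authentication listener {proto} {re.escape(iface)}\b.*\bredirect$"
            if proto not in covered:
                findings.append(f"ACL {acl} does not match {proto} traffic")
            elif not any(re.match(listener, l) for l in lines):
                findings.append(f"no redirecting {proto} listener on interface {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit_cut_through_proxy(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```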
04-08-2009 12:08 PM
Many thanks for your help, this is the info I was looking for!
04-27-2009 07:45 AM
Thanks for your reply on this one.
Can you give me a few pointers on using a telnet session to authenticate instead of www redirect?