ASA 5505 - Dynamic Access Lists (Lock and Key)

mackeyuk · ‎04-28-2009

Hello All,

I have an ASA5505 appliance and want to create a dynamic access list like in this example (http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scflock.html)

But I can't figure out how to do it on my ASA.

Basically I want the appliance to deny traffic to the internet unless a user has authenticated using telnet first.

Collin Clark · ‎04-28-2009

They call it cut-through proxy in the ASA world.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Hope that helps.

mackeyuk · ‎04-28-2009

It does help a little, but the document is detailing using RADIUS servers for authentication, I just want to use the LOCAL database.

Does anyone have some basic examples it could study as a starting point?

Scenario:

Users on the inside network can not pass though to the outside network (internet) without first authenticating against the local user list, using telnet. Authenticated users must only be allowed to use HTTP, HTTPS, FTP, and DNS protocols.

Hope you can help a newbie to the ASA world! :)

Collin Clark · ‎04-28-2009

Instead of Radius, just use LOCAL.