Secured Internal Network (ASA 5510)

Unanswered Question
Jun 19th, 2009

We have an internal subnet (Secured Server LAN) that requires network authorization. This subnet contains a separate AD forest with the servers as members of the domain. The Windows XP clients that access these resources are also members of the secure AD forest but are connected to the corporate LAN. We would want to configure RSA SecurID to provide two-factor authentication for the users. Can the ASA 5510 provide network authorization prior to attempting to log in to Active Directory without configuring SSL VPN? Please see attachment...

wdrootz Thu, 06/25/2009 - 05:21

You can configure authorization on your ASA device before accessing AD. The URL below presents example procedures for configuring authentication and authorization on the security appliance using the Microsoft Active Directory server. It includes the following use cases:

• User-Based Attributes Policy Enforcement
• Placing LDAP users in a specific Group-Policy
• Enforcing Static IP Address Assignment for AnyConnect Tunnels
• Enforcing Dial-in Allow or Deny Access
• Enforcing Logon Hours and Time-of-Day Rules

