Restrict access for non-domain users on a CISCO ASA

Unanswered Question
Oct 14th, 2009

Hello all,

Do you know if there is a way to deny traffic through a CISCO ASA for all non-domain users?

Or do we have to use a NAC system? (And, if yes, what kind of NAC system?)

Many thanks


khayhuynh Sun, 10/18/2009 - 23:59

ACS seems to be a good way. However, I can't find any information about authenticating traffic users on ASA with ACS. I only saw documentation on how to secure access on the firewall with ACS, but nothing about authenticating users when they are trying to pass through the FW.

Can someone help me by providing me some URL about it?

Many thanks

hdashnau Wed, 10/14/2009 - 10:10
User Badges: Cisco Employee

If you are trying to do this for VPN connections into your ASA:

-you can deny the non-domain users from logging in with ldap attribute maps or dap

-you can also restrict access with a vpn-filter acl or webvpn type acl applied in the group policy
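As an added illustration of the two options in the reply above (this is example configuration written for this thread, not Cisco's or the poster's), the snippet below maps an AD group to a group policy via an LDAP attribute map, leaves every other authenticated user in a default policy that allows zero logins, and applies a vpn-filter ACL to the domain users. Server addresses, DNs, group and policy names are placeholders; the `Group-Policy` map target and this syntax are assumed to match ASA 8.x, which is the release current in 2009.

```cisco
! LDAP server definition; the attribute map is attached to the host entry.
! 10.0.0.10, the service account and the base DN are placeholders.
ldap attribute-map DOMAIN-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" GP-DOMAIN-USERS
!
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <placeholder>
 server-type microsoft
 ldap-attribute-map DOMAIN-MAP
!
! Default policy for anyone the map does not place in GP-DOMAIN-USERS:
! the login is accepted by LDAP but no session may be established.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! vpn-filter ACL: source is the VPN client, destination the internal network.
! Only the 10.0.0.0/24 server subnet is reachable; everything else is dropped.
access-list DOMAIN-VPN-FILTER extended permit ip any 10.0.0.0 255.255.255.0
access-list DOMAIN-VPN-FILTER extended deny ip any any
!
group-policy GP-DOMAIN-USERS internal
group-policy GP-DOMAIN-USERS attributes
 vpn-filter value DOMAIN-VPN-FILTER
!
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy GP-NOACCESS
```

Verify the mapping with `debug ldap 255` during a test login and check the assigned policy with `show vpn-sessiondb`; as the thread notes, this only governs VPN sessions, not zone-to-zone traffic through the firewall.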

khayhuynh Wed, 10/21/2009 - 00:43

Hello hdashnau,

It's not for VPN connections but for all traffic from one local zone to another.

I'm still looking for a way to do that, with ACS or NAC, but I can't find any documentation on it.

Did someone already face this issue?

Many thanks,
