03-11-2010 07:21 AM - edited 03-11-2019 10:20 AM
I have a client who is using an ASA5510 and wants to limit RDP access to a specific server by login credentials. They don't use any AAA servers for authentication now, just local accounts created on the firewall. Configuring the static NAT and the ACL to allow RDP to the server from the outside isn't an issue but I don't know how to make the firewall check for credentials before it allows the connection. Is this possible? If so, can I use local users?
03-12-2010 02:33 PM
Hi,
It seems that you're looking for the ASA Firewall Session Authentication feature (the cut-through proxy feature on PIX).
It requires the user to authenticate before passing any traffic through the ASA.
The only issue is that you do need a AAA server. Can't be done against the local database.
Federico.
03-12-2010 02:47 PM
Well,
It seems that you can authenticate a user directly against a virtual server (the ASA itself), via HTTP/HTTPS, telnet or FTP to be able to redirect it to any other service.
Take a look:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1046750
Federico,