I just want to ask if ASA can perform like lock & key, like the router's IOS security feature?
The point is I want to put ASA as the access control between 2 internal departments. I want the ASA to be transparent so there's no hop and no NAT between them. I just want that if people from department A want to access servers in department B, they have to be authenticated first and a dynamic ACL would be applied in the ASA to allow the traffic according to their privilege. Is this feature called "cut through proxy"?
And I want to authenticate it using RADIUS from ACS, and ASA should retrieve the dynamic ACL from ACS according to the user database, and if the ACS would fall, ASA would use the local database and a predefined dynamic ACL in it.
The ACL before is only just used for triggering the authentication, right? Yes
And after the authentication is successful, ASA could get a dynamic ACL applied based on the user, right? You don't see the ACL like on the router but it practically denies the host.
And could it be applied in transparent mode ASA? Yes
Could you provide me the link of a complete guide regarding all the features and options for configuring this ASA proxy?
I hope it helps.