I use an ASA 5520 as I-Net Edge for 3 different groups of users. Currently I control access in the internet segment for each group by static DHCP leases based on MAC addresses.
As this is not the most secure approach, I am looking for a different way to control access within my internet segment.
I am thinking of authenticating the users with username and password prior to establishing connections over the ASA. I think this can be done somehow with the cut-through proxy feature. Unfortunately I have no ACS server available, so the cut-through approach is not possible.
Has anyone done a configuration setup where users get authenticated based on username/password prior to allowing a connection through the ASA so far?
A similar functionality is often seen on public hotspots in airports where you have to authenticate over a webpage before internet usage.
Is there an open source software capable of this authentication method, and can you configure it in conjunction with an ASA? Maybe using the WCCP feature?
This might be a little off-topic, but hopefully someone already has experience with this kind of setup.