Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
1
Replies

Implementing AAA for inside interface users

husycisco
Level 7
Level 7

‎03-28-2008 09:03 AM - edited ‎03-10-2019 03:45 PM

Hi all,

I recently implemented Downloadable Access Lists for VPN users in our Cisco PIX & IAS (Internet Authentication Service). We have an AD domain, VPN users are authenticating against AD Integrated IAS and according to windows group membership, they get their ACLs that are defined in AV Pairs.Works great.

Now I want to implement AAA for our inside interface clients, achieve results similar to above. Want to restrict traffic flow by Active Directory Users or Active Directory Groups. To remind, not for VPN users!, want to implement for users located in inside interface accessing resources on outside or DMZ interface.

The question is, is IAS alone enough? Or should I install TACACS and disable IAS? Or should I implement CSACS?

Regards

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎04-03-2008 07:02 AM

By default connection from inside hosts are monitored when it goes out. But if you want it for specific protocol use Fixup command on the PIX.

0 Helpful
Customers Also Viewed These Support Documents