Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Implementing AAA for inside interface users

Hi all,

I recently implemented Downloadable Access Lists for VPN users in our Cisco PIX & IAS (Internet Authentication Service). We have an AD domain, VPN users are authenticating against AD Integrated IAS and according to windows group membership, they get their ACLs that are defined in AV Pairs.Works great.

Now I want to implement AAA for our inside interface clients, achieve results similar to above. Want to restrict traffic flow by Active Directory Users or Active Directory Groups. To remind, not for VPN users!, want to implement for users located in inside interface accessing resources on outside or DMZ interface.

The question is, is IAS alone enough? Or should I install TACACS and disable IAS? Or should I implement CSACS?

Regards

1 REPLY
Silver

Re: Implementing AAA for inside interface users

By default connection from inside hosts are monitored when it goes out. But if you want it for specific protocol use Fixup command on the PIX.

202
Views
0
Helpful
1
Replies