We have a Cisco Windows ACS server that we currently use for many purposes. One of those is that we add the MAC addresses of everyone authorized to be on the wireless network and then we have our Cisco WLC use it for authentication.
My question is, isn't it also possible to use the ACS when building an ACL on our router? I would like to build some ACLs on the router that basically do a lookup on the ACS to see if your traffic is authorized to pass.
One more question. What I need is probably out of the ordinary so I don't know that it's possible.
I just set this downloadable ACL up and configured our ASA to use it. It works just fine. However, what I really need it to do is to deny access out the ASA to anyone listed in the ACS server, but permit access to anyone not listed.
I know that sounds crazy. Any chance that is possible? Maybe using some sort of wildcards or anything like that.
We have two WLANs set up at work. A private, secure WLAN for our employees to use and a Public Guest Wireless network that only can access the Internet.
Our private WLAN uses MAC address authentication but anyone can use the Public Wireless.
We want to prevent our employees from being able to connect to the Public Wireless WLAN.
The reason is that we have various internet access restrictions and such on the secure WLAN but the Public Wireless is fairly open. We are afraid our employees will figure this out and just connect to it to bypass the restrictions.
I know we could use Group Policy and other tools to stop them from being able to edit their wireless settings but I was looking for a more fail-safe method.
Our internal users are all given 10.X.X.X addresses and our public wireless is given 172.16.X.X addresses.
We have this solution working now using a MAC filter on our internet filtering appliance but it requires that we enter every MAC address twice and that is something we want to get away from.