I just want to ask if the ASA can perform something like lock & key, like the router's IOS security feature?
The point is I want to put the ASA as the access control between 2 internal departments. I want the ASA to be transparent so there's no hop and no NAT between them. I just want that if people from department A want to access servers in department B, they have to be authenticated first and a dynamic ACL would be applied in the ASA to allow the traffic according to their privilege. Is this feature called "cut through proxy"?
And I want to authenticate it using RADIUS from ACS, and the ASA should retrieve the dynamic ACL from ACS according to the user database, and if the ACS should fail, the ASA would use the local database and a predefined dynamic ACL in it.
When you said that the ASA proxy will match the traffic on the ACL defined in the match statement, it will then be authenticated. The ACL before is only used for triggering the authentication, right? And after the authentication is successful, the ASA could get a dynamic ACL applied based on the user, right? And could it be applied in transparent mode ASA?
Could you provide me a link to a complete guide regarding all the features and options for configuring this ASA proxy?