Is there a way to create a "captive portal" using the ASA?
Basically I am looking to have a user turn on their PC and then try to get to a web site but be redirected to a page where they can be authenticated. Then either based on who they authenticate as, or any successful authentication, the ASA applies ACLs to their traffic.
This would create a situation where they cannot get anywhere until they authenticate and then maybe once they have authenticated they are allowed outbound on 80 and 443 to anywhere.
I am thinking this is possible using maybe cut-through proxy authorization and/or downloadable ACLs from the CSACS server but I am having trouble figuring out if it can really be done and if so how these pieces fit together.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...