11-03-2014 02:56 PM - edited 03-11-2019 10:01 PM
Hello everyone,
I need some suggestions on how to use a Cisco ASA as a firewall between my company's corporate and industrial networks. Here's my situation.
We currently have our corporate and industrial networks interconnected at our core switch; they are on separate VLANs. I want to place the firewall between the VLANs to prevent corporate users from being able to access the industrial network. The exception is the engineers who need access from the corporate network to troubleshoot issues on the industrial network. They use remote access tools such as RDP and VNC. In your minds, what is the best way to deploy an ASA to allow these users past the firewall? They will be coming from a multitude of IP addresses on the corporate side, which will constantly change depending on their location and connection path. I would like to tie their access to Active Directory OUs rather than IPs, so I think traditional ACLs are not going to cut it. Also, they will be VPNing into the network from home using Cisco AnyConnect to a different ASA on the border of our corporate network, so my solution needs to be clientless once they get on the corporate network. Any suggestions would be much appreciated.
11-03-2014 07:12 PM
Since ASA version 8.4 you can use user identity in access-lists.
There is a step-by-step guide posted here that helps show how to set up and use this feature.
It's a couple of years old, so it refers to the now-deprecated AD Agent. That bit is now replaced with the Context Directory Agent (CDA) software, available as a separate VM image.
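As an added illustration of the identity-based ACL approach Marvin describes (this is example configuration, not from the guide or from anyone in this thread), here is a minimal ASA identity firewall setup: the ASA queries AD over LDAP to resolve group membership, learns IP-to-user mappings from the CDA (which the ASA still addresses as a RADIUS "ad-agent" server), and then permits RDP and VNC into the industrial subnet only for members of one AD group. Every name, address, interface name and group here (EXAMPLE domain, 10.1.1.10 LDAP host, 10.1.1.20 CDA host, the "corp" interface, the ICS-NET object and the Industrial-Engineers group) is an assumption for the example and would be replaced with your own values.

```text
! --- Assumed values throughout: replace with your own domain, hosts, interfaces ---

! AD queried over LDAP: used to resolve which users belong to which AD group.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.1.1.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-login-dn CN=asa-ldap,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <service-account-password>
 server-type microsoft

! The CDA supplies IP-to-user mappings; the ASA treats it as a RADIUS server in ad-agent mode.
aaa-server CDA-AGENT protocol radius
 ad-agent-mode
aaa-server CDA-AGENT (inside) host 10.1.1.20
 key <shared-secret>
 user-identity

! Tie the domain to its LDAP server, point the identity feature at the CDA, and enable it.
user-identity domain EXAMPLE aaa-server AD-LDAP
user-identity default-domain EXAMPLE
user-identity ad-agent aaa-server CDA-AGENT
user-identity enable
! Fail closed: if the CDA is unreachable, identity-based rules stop matching instead of passing everyone.
user-identity action ad-agent-down disable-user-identity-rule
user-identity inactive-user-timer minutes 60

! The industrial subnet and the engineers' AD group.
object network ICS-NET
 subnet 10.50.0.0 255.255.0.0
object-group user ICS-ENGINEERS
 user-group EXAMPLE\\Industrial-Engineers

! Only RDP and VNC, only for members of the group, only into the industrial subnet. Everything else is denied and logged.
access-list CORP-TO-ICS extended permit tcp object-group-user ICS-ENGINEERS any object ICS-NET eq 3389
access-list CORP-TO-ICS extended permit tcp object-group-user ICS-ENGINEERS any object ICS-NET eq 5900
access-list CORP-TO-ICS extended deny ip any object ICS-NET log
access-group CORP-TO-ICS in interface corp

! Verification after a user logs on: the mapping the ACL will be evaluated against.
! show user-identity ip-of-user EXAMPLE\jdoe
! show user-identity user active
```

Two things to check before trusting this. First, the ASA never authenticates the user itself; it matches the packet's source IP against the mapping the CDA learned from domain-controller logon events. That is what makes it clientless, but it also means that whoever currently holds that IP gets the access (a shared host such as a terminal server is indistinguishable from its last logged-on user), and that a user who lands on a new address, for example a fresh AnyConnect pool IP, matches only after the domain controller has seen an authentication from that address. Second, the `user-identity action ad-agent-down` setting decides whether the firewall fails open or closed when the CDA is unavailable; for a corporate-to-industrial boundary, failing closed is the safer default.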
11-03-2014 07:53 PM
Thanks Marvin I will look into that and give it a try, appreciate it!