Access Control based on Active Directory Group Membership
I am working with a customer who has an internal firewall protecting their core production applications. They are keen to segregate access to application servers further, and would like to do this based on a user's group membership in the Active Directory domain.
Is there any way to achieve this using a PIX firewall or associated products?
We cannot segregate users by IP address as different types of user share machines.
Re: Access Control based on Active Directory Group Membership
It sounds to me like you want to control/restrict access to application servers and want to use AD for authentication. If so, then I suggest incorporating Cisco Access Control Server.
With these 3 components, PIX Firewall, Windows 2000 AD and Cisco ACS, you can have PIX force user authentication to the ACS, which in turn uses Windows 2000 AD for its user database. At the same time you can configure per-user access control lists (ACLs) on the ACS, which the PIX firewall will download and add to the config for access restrictions.
Let me know if this helps or I can try to explain it better.