Cisco Support Community
Community Member

Access Control based on Active Directory Group Membership

I am working with a customer who has an internal firewall protecting their core production applications. They are keen to segregate access to application servers further, and would like to do this based on a user's group membership in the Active Directory domain.

Is there any way to achieve this using a PIX firewall or associated products?

We cannot segregate users by IP address as different types of user share machines.

Thank you for any information you can provide

Regards

Glen McCauley

2 REPLIES
Bronze

Re: Access Control based on Active Directory Group Membership

I have not come across a way of doing this based on group membership in the AD domain. However, the following document might be of help: http://www.cisco.com/warp/public/110/atp52.html#debug_new

Community Member

Re: Access Control based on Active Directory Group Membership

It sounds to me like you want to control/restrict access to application servers and want to use AD for authentication. If so, then I suggest incorporating Cisco Access Control Server.

With these 3 components, PIX Firewall, Windows 2000 AD and Cisco ACS, you can have PIX force user authentication to the ACS, which in turn uses Windows 2000 AD for its user database. At the same time you can configure per user access control lists (ACLs) on the ACS which the PIX firewall will download and add to the config for access restrictions.

Let me know if this helps or I can try to explain it better.

Curtis R. Gregg
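The PIX side of the arrangement Curtis describes (PIX cut-through proxy authenticating against ACS, with ACS handing back a per-user ACL) looks roughly like the fragment below. This is an added illustration, not configuration from the thread or from Cisco; it assumes PIX 6.3 syntax, ACS reached over RADIUS (the protocol PIX uses for downloadable per-user ACLs), and placeholder addresses, names and shared secret.

```cisco
! Added example, not from the original thread. Interface names, addresses,
! the server tag and the shared secret are placeholders.

! ACS reached via the inside interface. RADIUS is assumed here because the
! per-user ACL is returned in the RADIUS reply as a cisco-av-pair attribute.
aaa-server ACS-RADIUS protocol radius
aaa-server ACS-RADIUS (inside) host 10.0.0.10 SharedSecretPlaceholder timeout 10

! Flows that must be authenticated before the PIX will open them:
! user subnet 10.0.1.0/24 to the application server subnet 10.0.2.0/24.
access-list AUTH-APPS permit tcp 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0

! Cut-through proxy: users are prompted (HTTP, HTTPS, Telnet or FTP) and the
! credentials are checked by ACS, which in turn checks Windows AD.
aaa authentication match AUTH-APPS inside ACS-RADIUS

! Have the PIX collect HTTP credentials over HTTPS rather than cleartext.
aaa authentication secure-http-client

! Authentication is cached per source IP; keep the cache short because the
! users in question share workstations.
timeout uauth 0:05:00 absolute

! On the ACS side (assumption: ACS 3.x group or user profile), the per-user
! ACL that the PIX downloads is carried as RADIUS cisco-av-pair lines such as:
!   ip:inacl#1=permit tcp any host 10.0.2.20 eq 1433
!   ip:inacl#2=deny ip any any
! Users placed in an AD group that maps to this ACS group get only those rules.
```

Two points a practitioner would want to check before relying on this. First, the PIX authenticates the source IP address, not the person: once one user has authenticated from a workstation, other connections from that address reuse the cached entry until the uauth timer expires, so on shared machines a short absolute timeout (and ideally a log-off that clears the entry) matters as much as the ACL itself. Second, the AD group to ACL mapping lives in ACS (AD group membership mapped onto ACS groups), so the PIX never sees the AD group directly; auditing who can reach which server means auditing that mapping as well as the firewall rules.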
