Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

ASA web proxy?

Does anyone know if the ASA has a built in web proxy like competing products? Basically, I want to proxy all internal users and authenticate them against Active Directory. Based upon their group permissions, I want to be able to configure what kinds of websites they can gain access to.

If the product can't do this - will it at least allow me to authenticate users for access to the internet? Anything else I can configure to limit what access they have?

Thanks,

Jim

1 REPLY

Re: ASA web proxy?

AFAIK the ASA will not work like that, however you might be able to configure it somehow like that.

Using DAP and cut-through proxy, you can choose a list of access-lists that will be pushed to the user based on their group membership after they authenticate.

Using LDAP as the authentication protocol and retrieving the LDAP attributes like memberOf you can use DAP to enforce this kind of network ACL where you can chose what remote destination will this user be able to reach, unfortunately this is not as granular as defining the NAMES of your sites rather your IP Addresses.

https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn_dap.html

HTH

2592
Views
0
Helpful
1
Replies
CreatePlease to create content