https://community.cisco.com/t5/network-security/asa-identity-based-internet-access/m-p/903341#M421413 <HTML><HEAD></HEAD><BODY><P>You can use HTTP cut through proxy feature for this. Cut through proxy would give users a log-in prompt when they try to access the web through the ASA. You can configure that login prompt to point to an authentication server. If they have a valid user name and password, it will let them through. If they don't, it will block access from their IP. There are basically two parts of configuration that you will need to do.</P><P>1) HTTP Proxy</P><P>2) LDAP setup on the ASA</P><P></P><P>The document link below shows how to configure an ASA to use LDAP as an authentication server</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/extsvr.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/extsvr.html</A></P></BODY></HTML> Mon, 15 Oct 2007 18:06:37 GMT didyap 2007-10-15T18:06:37Z https://community.cisco.com/t5/network-security/asa-identity-based-internet-access/m-p/903340#M421412 <P>Hi,</P><P> </P><P>A client of mine is looking at controlling user access to the Internet based on identity. I know Microsoft ISA and other proxy solutions would do.</P><P> </P><P>However, I am looking at leveraging their present installation of ASA and Microsoft AD to provide them with this function. </P><P> </P><P>I know for sure that the ASA can be used to authenticate users on a web page against the AD and apply access rules accordingly (Identity-Based Access).</P><P> </P><P>Unfortunately, I dont seem to be getting much info on the setup and configuration of this requirement.</P><P> </P><P>If anyone knows of any source, please let me have the links. (I am not referring to authenticating telnet/ssh sessions on the ASA against AD tho).</P><P> </P><P>Regards,</P><P> </P><P>Felix</P> Fri, 21 Feb 2020 09:42:56 GMT https://community.cisco.com/t5/network-security/asa-identity-based-internet-access/m-p/903340#M421412 felixnkansah 2020-02-21T09:42:56Z https://community.cisco.com/t5/network-security/asa-identity-based-internet-access/m-p/903341#M421413 <HTML><HEAD></HEAD><BODY><P>You can use HTTP cut through proxy feature for this. Cut through proxy would give users a log-in prompt when they try to access the web through the ASA. You can configure that login prompt to point to an authentication server. If they have a valid user name and password, it will let them through. If they don't, it will block access from their IP. There are basically two parts of configuration that you will need to do.</P><P>1) HTTP Proxy</P><P>2) LDAP setup on the ASA</P><P></P><P>The document link below shows how to configure an ASA to use LDAP as an authentication server</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/extsvr.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/extsvr.html</A></P></BODY></HTML> Mon, 15 Oct 2007 18:06:37 GMT https://community.cisco.com/t5/network-security/asa-identity-based-internet-access/m-p/903341#M421413 didyap 2007-10-15T18:06:37Z