https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331961#M780014 <HTML><HEAD></HEAD><BODY><P>NAC is a way to go <A class="jive-link-custom" href="http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html" target="_blank">http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html</A>.</P><P></P><P>You can also use ACS to authenticate users before going through the ASA. You can also integrate ACS with your Active Directory.</P><P></P><P>Not very trivial tasks but the technology is there to support them.</P><P></P><P>PK</P><P></P><P></P></BODY></HTML> Wed, 14 Oct 2009 11:33:39 GMT Panos Kampanakis 2009-10-14T11:33:39Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331960#M779976 <P>Hello all,</P><P></P><P>Do you know if there is a way to deny trafic through a CISCO ASA for all non-domain users?</P><P></P><P>Or do we have to use a NAC system ? (and, if yes, what kind of NAC system?)</P><P></P><P>Many thanks</P><P></P><P>regards,</P> Mon, 11 Mar 2019 16:25:46 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331960#M779976 khayhuynh 2019-03-11T16:25:46Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331961#M780014 <HTML><HEAD></HEAD><BODY><P>NAC is a way to go <A class="jive-link-custom" href="http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html" target="_blank">http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html</A>.</P><P></P><P>You can also use ACS to authenticate users before going through the ASA. You can also integrate ACS with your Active Directory.</P><P></P><P>Not very trivial tasks but the technology is there to support them.</P><P></P><P>PK</P><P></P><P></P></BODY></HTML> Wed, 14 Oct 2009 11:33:39 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331961#M780014 Panos Kampanakis 2009-10-14T11:33:39Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331962#M780073 <HTML><HEAD></HEAD><BODY><P>If you are trying to do this for VPN connections into your ASA:</P><P>-you can deny the non-domain users from logging in with ldap attribute maps or dap</P><P>-you can also restrict access with a vpn-filter acl or webvpn type acl applied in the group policy</P></BODY></HTML> Wed, 14 Oct 2009 17:10:56 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331962#M780073 hdashnau 2009-10-14T17:10:56Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331963#M780103 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>ACS seems to be a good way. However, I can't find any information about authenticating trafic users on ASA with ACS. I only saw documentation on how secure access on the firewall with ACS, but nothing about authenticating users when they are trying to pass through the FW.</P><P></P><P>Can someone help me by providing me some URL about it?</P><P></P><P>Many thanks</P></BODY></HTML> Mon, 19 Oct 2009 06:59:36 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331963#M780103 khayhuynh 2009-10-19T06:59:36Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331964#M780123 <HTML><HEAD></HEAD><BODY><P>Hello hdashnau,</P><P></P><P>It's not for VPN connections but for all trafic from one local zone to another.</P><P></P><P>I'm still looking for a way to do that, with ACS or NAC, but i can't find any documentation on it.</P><P></P><P>Did someone already face this issue?</P><P></P><P>Many thanks,</P><P></P><P>Regards</P></BODY></HTML> Wed, 21 Oct 2009 07:43:19 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331964#M780123 khayhuynh 2009-10-21T07:43:19Z https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331965#M780139 <HTML><HEAD></HEAD><BODY><P>Hi K,</P><P>have a look at "cut-through proxy" aka "AAA for network access" :</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html</A></P><P></P><P>hth</P><P>H</P></BODY></HTML> Wed, 21 Oct 2009 13:08:23 GMT https://community.cisco.com/t5/network-security/restrict-access-for-non-domain-users-on-a-cisco-asa/m-p/1331965#M780139 Herbert Baerten 2009-10-21T13:08:23Z