We've just replaced our Fortinet Firewalls with 5525s but are struggling to get a feature working that worked great on the Fortinet firewall.
All our users use a proxy for internet access that's configured in IE, but from time to time some users need to remove this proxy and go directly out to the internet. With the Fortinet devices we created a rule right at the bottom of the inside access out rule that had it authenticate users via TACACS, which worked a treat and could be used from PC or laptop.
We want to do a similar thing on the 5525 and I thought the Authenticated user would give me this access, but I don't seem to be able to get it to work. I've got the AD side of it working fine; the ASA can pull users and groups from AD, but I'm struggling to get this working for a user.
I've created a rule at the bottom of the inside access in ACL that has any source and any destination but has my AD user as a user in the rule, but when I try and test it, it doesn't work, and when I have a look in monitoring it says no IP address associated with user.
I want to be able to pick and choose which users have this access.
How can I get this working the way I want it to?
Are you trying to authenticate users to allow them to go to the internet? If this is the case, cut-through proxy is what you are looking for!
Let me know if I understood your query,
Thanks for the reply. I am trying to authenticate users to allow them to go to the internet, but I don't want to have authentication for all users, as the majority of them use a proxy for access and that's how we want it. The authentication is for a few users who need access directly out of the firewall, bypassing the proxy.
I've tried the cut-through proxy, but that authenticated all users, including the ones using the proxy. How can I restrict this to just authenticating a group of users based on either an AD username or AD group?
Read the following; it will answer your questions:
Go to the section:
Remember to rate all of the helpful posts (if you do not know how to rate a post, just let me know).