04-05-2009 12:28 PM - edited 03-10-2019 04:25 PM
Hello All,
I have a Cisco ASA 5505 device connecting my LAN to the internet using PAT/NAT. I want to restrict access to the internet on ports 80 and 443 on a per user basis.
I.e. allow management staff access whilst restricting general staff.
I understand how to do this on a per device level by creating an access list blocking certain IPs out to the internet but I would like to restrict certain users.
I guess they will need to authenticate with the ASA somehow.
Any pointers?
TIA.
04-06-2009 12:51 PM
You need to set up Cut through proxy in ASA.
Here is the configuration which we need to add on ASA:-
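! Traffic that must authenticate: outbound HTTP and HTTPS
access-list WEBAUTH permit tcp any any eq 80
access-list WEBAUTH permit tcp any any eq 443
! Authenticate matching traffic arriving on the inside interface against the LOCAL user database
aaa authentication match WEBAUTH inside LOCAL
! Exchange the username and password with the ASA over SSL
aaa authentication secure-http-client
! Redirect web requests on the inside interface to the ASA's authentication page
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect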
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html#wp1043431
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/a1_72.html#wp1437427
Regards,
~JG
Do rate helpful posts
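Added example, not part of the reply above: the configuration points `aaa authentication match` at the LOCAL database, so only accounts defined on the ASA can get through on ports 80 and 443. The user names, placeholder passwords and timeout values below are assumptions for illustration.

```cisco
! Added example. User names, passwords and timer values are placeholders.
! Only accounts in the LOCAL database pass the WEBAUTH check,
! so define them for management staff only.
username mgr_alice password <placeholder-password-1>
username mgr_bob password <placeholder-password-2>
!
! Cut-through proxy tracks an authenticated session by source IP address.
! Expire sessions so a shared PC does not stay authorised after the
! manager walks away (inactivity must be shorter than absolute).
timeout uauth 0:30:00 inactivity
timeout uauth 4:00:00 absolute
!
! Privileged EXEC commands (not configuration mode):
! list the currently authenticated users and their source addresses
show uauth
! drop one user's cached authentication, forcing a new login
clear uauth mgr_alice
```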
04-08-2009 12:08 PM
Many thanks for your help, this is the info I was looking for!
04-27-2009 07:45 AM
Thanks for your reply on this one.
Can you give me a few pointers on using a telnet session to authenticate instead of www redirect?