Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
1
Replies

ASA5505 configuration

Not applicable

‎05-18-2017 02:52 PM

I have a 5505ASA I would like to configure to allow only specific computers to be used on it, this device is going to be in a small remote office.    I was wondering it I configure it to allow anyone of the specific computers to be connected to any port on the asa.  Any suggestions ?

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-18-2017 09:59 PM

You could use access-lists but the computers' IP addresses could be used by someone else and bypass that approach. Also if the userrs are using DHCP that would be an issue at some point.

You cannot use mac address filtering on the ASA itself - you could do that on a switch. Even mac addresses can be spoofed if the person is knowledgable.

You could restrict access to authenticated users but then you would have to setup an external tool like CDA to get user information into the ASA or else use a captive portal on the AS requiring users to authenticate everytiem they browse to an outside site. The latter can be seen as burdensome on the end users.

If the office is so small that direct connections to the ASA 5505 are sifficient to serve it, you could just have the office manager enforce a policy that only certain computers may be used. Enforce it by walking around and checking now and then. Old school and low tech but effective.

0 Helpful
Customers Also Viewed These Support Documents