05-05-2010 08:12 AM - edited 03-11-2019 10:41 AM
Hi all,
I just want to ask if ASA can perform like lock & key, like the router's IOS security feature?
The point is I want to put the ASA as the access control between 2 internal departments. I want the ASA to be transparent so there's no hop and no NAT between them. I just want that if people from department A want to access servers in department B, they have to be authenticated first and a dynamic ACL would be applied in the ASA to allow the traffic according to their privilege. Is this feature called "cut through proxy"?
And I want to authenticate it using radius from ACS and ASA should retrieve dynamic acl from ACS according to user database, and if the ACS would fall, ASA would use local database and predefined dynamic acl in it.
Regards,
Charles Chia
05-05-2010 09:13 AM
Yes that is auth proxy functionality.
The ASA proxy matches traffic on an ACL and first authenticates the users that match it.
It can authenticate against RADIUS, LOCAL, or TACACS.
I hope it helps.
PK
05-05-2010 09:26 AM
Hi PK,
When you said that the ASA proxy will match the traffic on the ACL defined in the match statement, it then will be authenticated. The ACL before is only just used for triggering the authentication, right? And after the authentication is successful, ASA could get a dynamic ACL applied based on the user, right? And could it be applied in transparent mode ASA?
Could you provide me the link to a complete guide regarding all the features and options for configuring this ASA proxy?
05-05-2010 09:37 AM
The acl before is only just used for triggering the authentication right? Yes
and after the authentication is successful, ASA could get dynamic acl applied based on the user, right? You don't see the ACL like on the router but it practically denies the host.
And could it be applied in transparent mode ASA? Yes
Could you provide me the link of complete guide regarding all the feature and options for configuring this ASA proxy?
I hope it helps.
PK
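The setup discussed in this thread, sketched as an added ASA configuration example that is not part of the original posts: a trigger ACL that selects which flows must authenticate, a RADIUS server group, and an interface ACL that a per-user ACL from RADIUS can override. The names `ACS`, `AUTH_TRIGGER` and `INSIDE_IN`, the interface name `inside`, all addresses and the key placeholder are assumptions.

```text
! Constructed values: department A = 10.1.1.0/24, department B servers = 10.2.2.0/24,
! RADIUS (ACS) server = 192.0.2.10, interface name = inside.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Trigger ACL: it only selects which flows must authenticate before passing.
! It does not by itself decide what an authenticated user may reach.
access-list AUTH_TRIGGER extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq www
access-list AUTH_TRIGGER extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq https
aaa authentication match AUTH_TRIGGER inside ACS
! Alternative, authenticating against the ASA's own user database:
! aaa authentication match AUTH_TRIGGER inside LOCAL
!
! Interface ACL: the baseline that applies to every host.
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq www
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 eq https
access-list INSIDE_IN extended deny ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! per-user-override lets an ACL supplied by RADIUS for the authenticated user
! take precedence over INSIDE_IN for that user's traffic.
access-group INSIDE_IN in interface inside per-user-override
```

Keep the trigger ACL and the baseline interface ACL as narrow as the departments allow, since anything the interface ACL permits and the trigger ACL does not match passes without authentication.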