We have installed two ASA service modules into our 6509 switches. They are both working fine but we are now looking into the option of using the Cisco Context Directory Agent for identity firewalling.
So far we have a VM running the Cisco ISO downloaded from the site and that connects to all our AD servers. The ASAs have been registered to the CDA server and can connect to the AD servers themselves to pull down usernames and groups. I have tested that it all works with different usernames and groups and all works well.
The problem we have is that we run a number of terminal services servers that users can connect to.
I have rules on the ASA that user A can connect to server X from the terminal service server but user B cannot connect to server X.
When user A logs into the TS server he can connect to server X, but if user B also logs in to the TS server they can also get to server X even though there is a rule to say they cannot.
Now I understand the reason why this happens as it is because of the IP address that the user is mapped to. We have Palo Alto firewalls that use a plugin installed on the TS server which allows multiple users connected at the same time which would allow the rules above to work as they should.
The question is: is there a plugin available for the ASAs that performs a similar function?