Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1355
Views
0
Helpful
0
Replies
Highlighted
John Quick
Beginner
Beginner
‎04-04-2013 02:13 AM
‎04-04-2013 02:13 AM

ASA Identity Firewall CDA and Terminal Services

We have installed two two ASA service modules into our 6509 switches. They are both working fine but we are now looking into the option of using the Cisco Context Directory Agent for identity firewalling.

So far we have a VM running the Cisco ISO downloaded from the site and that connects to all our AD servers. The ASA have been registered to the CDA server and can connect to the AD servers themselves to pull down usernames and groups. I have tested that it all works with different usernames and groups and all works well.

The problem we have is that we run a number of terminal services servers that users can connect to.

I have rules on the ASA that user A can connect to server X from the terminal service server but user B cannot connect to server X.

When user A logs into the TS server he can connect to server X but if user B also logs to the TS server they can also get to server X even though there is a rule to say they cannot.

Now I understand the reason why this happens as it is because of the IP address that the user is mapped to. We have Palo Alto firewalls that uses a pluggin installed on the TS server which allows multiple users connected at the same time which would allow the rules above to work as they should.

The question is...Is there a pluggin available for the ASA's that perform a similar function.

Any help is appreciated

Labels:
10 people had this problem
0 Helpful
Reply
Latest Contents
Cisco Champion Radio: S7 | E26 Simplify your security with t...
Created by aalesna on 07-13-2020 10:31 PM
0
0
0
0
Cisco Champion Radio · S7|E26 Simplify your Security with the new SecureX platform Securing your organization is becoming increasingly complex. It may seem faster to tack on new point products to address the latest attack or protect yet another threat v... view more
#CiscoChat Live: Talos Live Threat Brief - Pandemic-related ...
Created by Kelli Glass on 07-10-2020 04:50 PM
0
0
0
0
Join us live on Tuesday, July 14 (and on demand after) to learn what impacts COVID-19 has had on the information security landscape from one of the people living that fight.
#CiscoChat Live: Talos Live Threat Brief - Pandemic-related ...
Created by Kelli Glass on 07-10-2020 04:46 PM
0
0
0
0
Join us live on Tuesday, July 14 (and on demand after) to learn what impacts COVID-19 has had on the information security landscape from one of the people living that fight. We'll take your questions live during the show and after, so post them belo... view more
TETRA Error Codes - Windows
Created by dkrull on 07-10-2020 07:10 AM
0
0
0
0
TETRA Error Codes - Windows Here are some common TETRA Error codes that you may find displayed in the dashboard as well as within the C:\Program Files\Cisco\AMP\<your_version>\sfc.exe.log or corresponding sfc.exe_<date>_<time>.logs. The... view more
AnyConnect 4.9 requires more stringent cryptography settings...
Created by Peter Davis on 07-08-2020 12:18 PM
0
15
0
15
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad