Cisco ASA 5585: allow only domain-joined computers

Dear All,

We have a Cisco Firewall ASA 5585-SSP-20. All our servers are behind the firewall. Is it possible to allow only domain-joined clients to access the servers, and to deny access to those that are not domain joined?

Re: Cisco ASA 5585: allow only domain-joined computers

If you integrate the firewall with an identity source, this can be done with the "identity firewall" features - essentially using user identity or AD group membership as part of an ACL.

Most of the documents are a bit dated and refer to AD Agent or Context Directory Agent (CDA) as the identity source.

https://community.cisco.com/t5/security-documents/asa-idfw-identity-firewall-step-by-step-configuration/ta-p/3127806

AD Agent and CDA are mostly deprecated, and the current solution involves integration via Cisco Identity Services Engine (ISE) or the lightweight version of that, ISE-PIC (ISE Passive Identity Collector):

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/pic_admin_guide/PIC_admin24/PIC_admin_chapter_00.html