12-17-2010 08:30 AM - edited 03-11-2019 12:24 PM
Dears
I have a question about how to block a non-domain user that has an IP from the inside network from accessing the Internet using the Cisco ASA 5520.
Thanks in advance.
Mike
12-17-2010 12:40 PM
Hi Mike,
The ASA normally will block based on IP address.
So, if you want to block an IP address, it's very easy with an ACL.
If you want to block a user (it's hard to do it on the ASA because the ASA would not authenticate the user when he tries to go to the Internet, does it?)
For example, there's a feature called Authentication Proxy with which the ASA prompts each user for a user/pass when they want to go to the Internet (but you need an external authentication server or database).
If he has a static IP, it's easy to block it; otherwise the ASA should participate in the authentication to be able to block it.
Federico.
12-17-2010 02:30 PM
Hi,
What about the per-user override feature? Does it help me? I have a RADIUS server on the same server as AD for my VPN clients.
Mike
12-18-2010 10:21 AM
Per user override will apply the ACL after the authentication result.
The idea is to apply the filter to the user after authentication based on the user credentials.
Federico.
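The three options discussed in this thread, sketched as one ASA configuration. This is an added example, not configuration posted by either participant. The object names, the addresses (10.0.0.50 for the static inside host, 192.0.2.10 for the RADIUS server on AD), the interface name `inside` and the key are constructed placeholders.

```cisco
! --- Added example: all names, addresses and the key are placeholders ---

! RADIUS server running on the AD host (placeholder address)
aaa-server RADIUS_AD protocol radius
aaa-server RADIUS_AD (inside) host 192.0.2.10
 key <shared-secret>

! Traffic that must authenticate before it crosses the ASA.
! A user without valid AD credentials fails the prompt and the
! web session is not allowed through.
access-list AUTH_WEB extended permit tcp any any eq www
access-list AUTH_WEB extended permit tcp any any eq https
aaa authentication match AUTH_WEB inside RADIUS_AD

! Interface ACL. The first entry is the simple case from the thread:
! a host with a known static IP is blocked outright.
access-list INSIDE_IN extended deny ip host 10.0.0.50 any
access-list INSIDE_IN extended permit ip any any

! per-user-override lets an ACL returned by RADIUS for an
! authenticated user take precedence over INSIDE_IN for that user.
access-group INSIDE_IN in interface inside per-user-override
```

Only the protocols matched by `AUTH_WEB` trigger the prompt, so any other outbound traffic from unauthenticated hosts still has to be restricted in `INSIDE_IN`.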