11-06-2001 07:39 AM - edited 02-20-2020 09:53 PM
We are replacing our current Guardian firewalls with Cisco Pix firewalls and I am having a hard time coming up with a strategy that works for us.
What we do currently is define access by machine name. This way, a PC can be allocated a dynamic address yet still get the proper access. If necessary, this would be my fallback method of working.
We would like to move to a system where access to the internet is controlled according to the username as logged into Active Directory. The admins can get lots of access regardless of which terminal they are on but the 'data monkeys' can be more controlled.
I have looked at IAS for a solution but it is very much geared to providing access to the network by remote users - we need to do it the other way round.
We also need to control access on numerous protocols, I am not just talking web access. I might want to let some people watch streamed cricket or play halflife but not everybody.
Inbound access is only going to be to specific machines with static addresses and is not too complicated. It would be nice to have "groups" of access rather than specify individual protocols for each user or machine but that may not be possible.
Any help, pointers, books will be great as I am swimming out of my depth on this one.
Thanks
- Rob
11-13-2001 04:40 PM
Looks like you need to do RADIUS authentication from the PIX for the outbound connections. You can pick whatever RADIUS server you like although CiscoSecure ACS NT and Microsoft IAS work well. Either will allow you to leverage your existing NT user base. You will have the flexibility to group your users and even provide access restrictions by applying per-user ACLs from the RADIUS server.
Look at the Security Tech Tips on CCO for more information on configuring the PIX for this authentication.
11-15-2001 07:03 AM
You need to use Cisco Secure ACS and configure Authentication and Authorization on the PIX.
11-15-2001 07:16 AM
Is that available for less than £4000?