Setting up a domain user/group based HTTP access scenario

Arvo Bowen
Level 1

Note: I currently have my entire network set up to only be able to go to google.com (currently for testing).  The way I did it is explained in the following article.

https://supportforums.cisco.com/message/3411609#3411609

I have three users in a domain called MYDOM.  The three users are as follows...

UserA, UserB, and UserC

I have two lists (regex) of sites that I want the users to have access to and they are as follows...

ListA = Allow all access to all sites on the internet

ListB = Allow access to a group of sites on the internet

Now the real question...  How can I have UserA set up in ListA, then set up UserB and UserC in ListB?  The end result is UserA should be able to go to any website on the internet and all other users should be able to only get to the restricted list of sites.

5 Replies

praprama
Cisco Employee

Hi Arvo,

If you have it mapped along with AD, then like Tim mentioned in the other discussion, you can use the identity based firewall solution to get this working.

Otherwise, we need to know the IP addresses of each of those users (and hope they remain the same, or we are going to have to keep changing the ACL as and when their IP changes) and then classify based on those IP addresses in L3 class-maps.

regards,

Prapanch

Thanks for the response Prapanch!  The approach I'm trying to take is the AD route so I'm going to be working on that right now...  What was the other discussion Tim said something about AD?

I was referring to the one you have linked above. His first response was to use AD and identity based firewall.

Geez...  it's been one of those days....  Let me look into that and I'll re-ask an actual question.

OK, so is there a good place to find a tutorial about how to set up the ASA using my AD for user auth?

I have looked into User-Identity and have been led to believe that I will need to set up an Application Server or a Mail Server (for the LDAP part) just to be able to authenticate my users.  Where can I set up my ASA's access directly to my AD server?
