08-12-2011 10:09 AM - edited 03-11-2019 02:11 PM
Note: I currently have my entire network set up to only be able to go to google.com (currently for testing). The way I did it is explained in the following article.
https://supportforums.cisco.com/message/3411609#3411609
I have three users in a domain called MYDOM. The three users are as follows...
UserA, UserB, and UserC
I have two lists (regex) of sites that I want the users to have access to and they are as follows...
ListA = Allow all access to all sites on the internet
ListB = Allow access to a group of sites on the internet
Now the real question... How can I have UserA set up in ListA, then set up UserB and UserC in ListB? The end result is UserA should be able to go to any website on the internet and all other users should be able to only get to the restricted list of sites.
08-23-2011 12:22 PM
Hi Arvo,
If you have it mapped along with AD, then like Tim mentioned in the other discussion, you can use the identity based firewall solution to get this working.
Otherwise, we need to know the IP addresses of each of those users (and hope they remain the same or we are going to have to keep changing the ACL as and when their IP changes) and then classify based on those IP addresses in L3 class-maps.
regards,
Prapanch
08-23-2011 12:26 PM
Thanks for the response Prapanch! The approach I'm trying to take is the AD route so I'm going to be working on that right now... What was the other discussion Tim said something about AD?
08-23-2011 01:01 PM
I was referring to the one you have linked above. His first response was to use AD and identity based firewall.
08-23-2011 01:23 PM
Geez... it's been one of those days.... Let me look into that and I'll re-ask an actual question.
08-24-2011 11:29 AM
OK, so is there a good place to find a tutorial about how to set up the ASA using my AD for user auth?
I have looked into User-Identity and have been led to believe that I will need to set up an Application Server or a Mail Server (for the LDAP part) just to be able to authenticate my users. Where can I set up my ASA's access directly to my AD server?