06-27-2007 10:26 PM - edited 03-11-2019 03:36 AM
Hi,
I have PIX 515E implemented in my network,there 200 lan users are there ,out of them 10 users are SAP users,they used to access the SAPserver.com site very frequently,I want to allow them to access only the SAPservers.com,I do not want to allow them to access the other web sites other than SAPservers.Can I do it with PIX515E.Please help me how to do it.
Thanks and Regards,
S.Venkataraman.
06-28-2007 04:17 AM
You can do true URL filtering using N2H2 or websense products. If you don't want to invest in a 3rd party product, you will have to look up the IP addresses of the hosts that you want to allow them access to and custom create ACL's. You could also use nbar with a policy-map/class-map if you have an IOS router somewhere in the path of data.
06-28-2007 04:21 AM
Hi,
This can be achieved if you do authentication of pass through http traffic through RADIUS (ACS)
aaa authentication include http inside
After authentication from radius on per user basis you can download ACL (from radius dynamically) which can allow or deny a traffic for user.
Following link can give you more information on pass through authentication:
Following link can give you more information on downloading ACL's through Radius:
Hope this helps.
Regards
Rohit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide