How to setup Internet Access Control for LAN w/Active Directory

InfosysCase · Sep 7, 2007

I would like to integrate control for certain users of our LAN to be blocked by the ASA5510 for outbound Internet access. Currently we are blocking computers by reserved IP by excluding them from the NAT rules.

We would like to block access at a user level and integrate it with Active Directory.

This is not related in any way shape or form to VPN access.

Is there an easy way to accomplish this? To somehow set permissions on Active Directory Users, and then have the ASA5510 recognize these users and either allow or deny access.

I am aware of RADIUS, but not familiar with it.

Thank You

Supergrrover · Sep 7, 2007

I am not sure this is exactly what you are looking for but it is a start/option - Give this a look

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/fwaaa.html

You will want to install IAS (Internet Authentication Services) on the Windows box.

Brent
Systems Engineer / Consultant
CCNP, CCSP

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

How to setup Internet Access Control for LAN w/Active Directory

InfosysCase

IS-IT--Management

Supergrrover

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor