Guidance on ASA

Discussion in 'Cisco' started by Its me Earnest T., Jun 12, 2007.

  1. Couple of questions about implementing an ASA device. We plan to use RADIUS
    to authenticate users coming in.

    1) Is there a way to give specific users only access to specific resources?
    In other words, if I needed the finance group to only have access to the
    finance dept resources when VPN'ed, can I do this based on group or some
    other form?

    2) I only want the traffic crossing the VPN to be VPN-related traffic, so I
    only need certain routes. Can someone point me to any kind of docs/help
    etc. on making this happen?

    Thanks

    --
    Poor planning on your part does not constitute an emergency on my part.
    Its me Earnest T., Jun 12, 2007
    #1

  2. maco

    Joined: Jun 13, 2007
    Messages: 10
    You can use cut-through proxy (authentication proxy).
    Search on cisco.com for more details.

    Basic config is:

    ! ACL selecting the traffic that must authenticate (the ASA takes subnet masks here, not wildcard masks)
    access-list auth_this_traffic permit ip 10.55.10.0 255.255.255.0 10.23.14.0 255.255.255.0

    ! RADIUS server group; the "host" keyword and a shared key are required on the ASA
    aaa-server MYRADIUS protocol radius
    aaa-server MYRADIUS (inside) host 10.22.22.22
     key <radius-shared-secret>

    ! Syntax is: aaa authentication match <acl> <interface> <server-group>
    ! "outside" is assumed to be the interface the VPN clients arrive on
    aaa authentication match auth_this_traffic outside MYRADIUS

    ---

    The 10.55.10.0/24 is the subnet of your VPN clients.
    The 10.23.14.0/24 is the subnet you want to control with authentication.

    More practical could be using an ACL with a deny statement, which tells us not to authenticate... there are several ways.

    ---
    Be aware! Only HTTP, HTTPS, FTP, TELNET traffic can be authenticated!!!
    So when users want to access resources running on another protocol, they must authenticate to some "known" service.

    Or you can configure a virtual interface:

    virtual telnet 65.45.41.54
    virtual http 65.45.41.54

    - Users must first telnet or open HTTP to the virtual interface, and then they can traverse to the resources.

    - Of course, the connection must be allowed in the inbound ACL.
    maco, Jun 13, 2007
    #2
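    The ordering point in the reply above (a deny entry in the match ACL exempts traffic from authentication, and only HTTP/HTTPS/FTP/Telnet can carry the login prompt) is easy to get wrong when writing the ACL. The script below is an added example, not maco's config or Cisco code: it parses ASA-style `access-list ... ip SRC MASK DST MASK` lines, applies first-match semantics with the implicit deny, and classifies a flow the way the post describes. The sample config, the flow tuples and the three result labels (`exempt`, `prompt`, `needs-prior-auth`) are constructed for the example.

```python
"""Added example (not from the thread): first-match evaluation of an ASA-style
authentication ACL, following maco's description of cut-through proxy.

Assumptions (not stated on the page): SAMPLE_CONFIG is constructed, and the
three result labels are our own names for the behaviour the post describes
(deny = exempt from authentication; permit + HTTP/HTTPS/FTP/Telnet = the user
is prompted; permit + any other protocol = the user must already hold an
authenticated session, e.g. obtained via the virtual telnet/http address).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Per the post: only these protocols can carry the cut-through proxy prompt.
AUTH_PROXY_PROTOCOLS = frozenset({"http", "https", "ftp", "telnet"})

# Constructed sample, not the poster's config: a deny entry placed BEFORE the
# permit exempts a single host from authentication (first match wins).
SAMPLE_CONFIG = """
access-list auth_this_traffic deny ip 10.55.10.0 255.255.255.0 10.23.14.10 255.255.255.255
access-list auth_this_traffic permit ip 10.55.10.0 255.255.255.0 10.23.14.0 255.255.255.0
aaa-server MYRADIUS protocol radius
"""


@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def parse_ace(line: str) -> tuple[str, Ace]:
    """Parse 'access-list NAME permit|deny ip SRC MASK DST MASK'.
    ASA ACLs use ordinary subnet masks, so they map straight onto IPv4Network."""
    parts = line.split()
    if len(parts) != 8 or parts[0] != "access-list" or parts[3] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    _, name, action, _proto, src, smask, dst, dmask = parts
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in ACE: {line!r}")
    return name, Ace(action,
                     ipaddress.IPv4Network(f"{src}/{smask}"),
                     ipaddress.IPv4Network(f"{dst}/{dmask}"))


def parse_acls(config_text: str) -> dict[str, list[Ace]]:
    """Collect ACEs by ACL name, preserving config order (order is the semantics)."""
    acls: dict[str, list[Ace]] = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("access-list "):
            name, ace = parse_ace(line)
            acls.setdefault(name, []).append(ace)
    return acls


def acl_lookup(aces: list[Ace], src_ip: str, dst_ip: str) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for ace in aces:
        if s in ace.src and d in ace.dst:
            return ace.action
    return "deny"


def auth_decision(aces: list[Ace], src_ip: str, dst_ip: str, protocol: str) -> str:
    """Classify a flow against the authentication-match ACL.

    'exempt'           - ACL denies or does not match: no cut-through proxy.
    'prompt'           - ACL permits and the protocol can carry the login prompt.
    'needs-prior-auth' - ACL permits but the protocol cannot be challenged; the
                         user must first authenticate via a known service or
                         the virtual telnet/http address.
    """
    if acl_lookup(aces, src_ip, dst_ip) != "permit":
        return "exempt"
    if protocol.lower() in AUTH_PROXY_PROTOCOLS:
        return "prompt"
    return "needs-prior-auth"


if __name__ == "__main__":
    aces = parse_acls(SAMPLE_CONFIG)["auth_this_traffic"]
    for flow in [("10.55.10.7", "10.23.14.10", "http"),   # exempt (deny first)
                 ("10.55.10.7", "10.23.14.20", "http"),   # prompt
                 ("10.55.10.7", "10.23.14.20", "smb"),    # needs-prior-auth
                 ("10.55.11.7", "10.23.14.20", "http")]:  # exempt (implicit deny)
        print(flow, "->", auth_decision(aces, *flow))
```

    Running the script shows why the deny line has to come first: swap the two ACEs in SAMPLE_CONFIG and the host 10.23.14.10 is no longer exempt, because the broader permit matches before the deny is ever reached.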