From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Tue Oct 09 2007 - 07:26:23 ART
These two are good documents:
The table below lists the AAA capabilities of the ASA/PIX. I don't think you
can 'authorize' firewall sessions using an LDAP server; only Radius and TAC+
are supported for this purpose. However, 'VPN' sessions can be authorized using
an LDAP server (Microsoft IAS might be an option here because it uses
Radius). Firewall sessions can be 'authenticated' to both NT and LDAP
servers though.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/aaa.html#wp1069492
AAA Configs are separate on three different portions of the DOC-CD:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/aaa.html
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/extsvr.html
HTH
Farrukh
On 10/9/07, Felix Nkansah <felixnkansah@gmail.com> wrote:
>
> Hi,
>
> A client of mine is looking at controlling user access to the Internet
> based on identity. I know Microsoft ISA and other proxy solutions would do.
>
> However, I am looking at leveraging their present installation of ASA and
> Microsoft AD to provide them with this function.
>
> I know for sure that the ASA can be used to authenticate users on a web
> page against the AD and apply access rules accordingly (Identity-Based
> Access).
>
> Unfortunately, I don't seem to be getting much info on the setup and
> configuration of this requirement.
>
> If anyone knows of any source, please let me have the links. (I am not
> referring to authenticating telnet/ssh sessions on the ASA against AD tho).
>
> Regards,
>
> Felix