mklunk79
asked on
Restrict User Internet access through a Pix firewall
I want to know the procedure, or if it is even possible, to restrict access to a group of individuals through my Cisco Pix 515 firewall. I am running a DHCP network so I cannot do it by IP address. Any ideas?
It also depends on what traffic you are looking to restrict, i.e., is it web traffic or something else?
Secondly, what is the infrastructure between your users and the PIX? Do you have an internal firewall or Proxy server between them?
ASKER
I want to restrict all http, https, and ftp traffic to these users. I want to continue to allow smtp traffic, just no Internet. I do not have a proxy server. I have 5 locations all connected via PTP T1 with a firewall sitting in front of the internet router. The firewall internal interface is on my LAN that connects to the core router. The external interface is public. Let me know if this did not clear up the question for you, or you need more info.
batry boy, isn't that for incoming connections as opposed to outgoing connections?
No, it can be used for outbound connections. See the "aaa authentication" command in the PIX Firewall Command Reference for details.
Specifically,
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1111727
Regards...
Cheers,
Rajesh