Potashcorp2
asked on
Can Cisco ASA 5510 perform user authentication for internet access
We are currently using Checkpoint at our head office and one of our remote sites. There is a site to site VPN and users at teh remote site use Checkpoint user accounts and Radius authentication for Internet access. Not all site personnel are allowed internet access.
We will be changing shortly to a full ASA, TACACS setup at head office with an MPLS connection to the remote site. Of course the timing of the MPLS installation is horrible. The Checkoint SPLAT box at the remote site is failing.
We would like to install an ASA5510 at the remote site. The VPN setup can be done, but I don't yet know how I can control Internet access at the site. Can this be done with an ASA or do I need some type of proxy server.
We will be changing shortly to a full ASA, TACACS setup at head office with an MPLS connection to the remote site. Of course the timing of the MPLS installation is horrible. The Checkoint SPLAT box at the remote site is failing.
We would like to install an ASA5510 at the remote site. The VPN setup can be done, but I don't yet know how I can control Internet access at the site. Can this be done with an ASA or do I need some type of proxy server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try this link:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html
This is very useful together with per-user downloadable ACL's for example.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html
This is very useful together with per-user downloadable ACL's for example.
ASKER
Thanks. That is exactly what I need.
Saved me doing hours of web searching.
Saved me doing hours of web searching.
ASKER
We have not yet ordered the 5510 so I don't have manuals yet.