Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Can Cisco ASA 5510 perform user authentication for internet access

Posted on 2008-06-23
4
2,024 Views
Last Modified: 2010-04-21
We are currently using Checkpoint at our head office and one of our remote sites. There is a site to site VPN and users at teh remote site use Checkpoint user accounts and Radius authentication for Internet access. Not all site personnel are allowed internet access.
We will be changing shortly to a full ASA, TACACS setup at head office with an MPLS connection to the remote site. Of course the timing of the MPLS installation is horrible. The Checkoint SPLAT box at the remote site is failing.
We would like to install an ASA5510 at the remote site. The VPN setup can be done, but I don't yet know how I can control Internet access at the site. Can this be done with an ASA or do I need some type of proxy server.
0
Comment
Question by:Potashcorp2
  • 2
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
AugustTen earned 500 total points
ID: 21847055
Hi, the ASA can be configured with "cut-through proxy" to challenge a user at the application layer and then authenticate against standard AAA servers or the local database.

This can be used together with filtering databases like Websense, integrated with LDAP, AD etc etc
0
 

Author Comment

by:Potashcorp2
ID: 21847135
This is probably what I want. Can you point me to any documentation on this?
We have not yet ordered the 5510 so I don't have manuals yet.
0
 
LVL 3

Expert Comment

by:AugustTen
ID: 21847188
Try this link:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html

This is very useful together with per-user downloadable ACL's for example.
0
 

Author Closing Comment

by:Potashcorp2
ID: 31469780
Thanks. That is exactly what I need.
Saved me doing hours of web searching.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to configure AT&T Netgate with Sonicwall Firewall 24 75
Botnet detection help me please 21 132
WiFi Router device supports GPON! 3 85
Sonicwall SHA issue 4 39
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question