I want to configure limited internet access only for a select group of Windows AD users. The Cisco ASA5510 is integrated with an LDAP server.
By referring to this link, I configured the cut-through proxy on the ASA:
access-list Inside_authentication extended permit tcp object-group Internal_Networks any eq ftp
aaa authentication match Inside_authentication Inside LDAP_FTP
The group name in the Windows AD is “FTP users”.
When a user from the FTP group logs into the system in the Internal Network and makes an outbound FTP connection:
1) Will the user get a prompt for username and password from the ASA, or, since he has already logged into the network, will he have direct access to the FTP server, meaning he will not get a prompt from the ASA?