Blocking intenal users from internet access by ASAP

[Stranger01]

I am working in an organization and i am handling the technical & security department. So i have to handle all the issue's regarding the network problems. So i have been advised by my committee to block all internal users from accessing internet if the active directory does not show as the registered user. So what i want to know whether i can stop them from accessing by using the ASAP? If so then how? My office has active directory and cisco ASA firewall. So give me some solutions on that.

[Amie]

I don't have much idea of the cisco. So i cant give you much more information about it. But i can give you some suggestions. See what you should look at is implementing a proxy server. With the proxy server what you can do is that you can restrict the user considering the time, date, authentication status with the help of the ISA server. So you can work on this and enable the restriction by itself. Just try, hope it will work for you.

[Stranger01]

Hey thanks for your input. Well pointing to the ISA server i don't think so whether my company will allow me to go with the ISA server. So if possible can you suggest me some more operations such as TACACS and Radius support on the Pix. How to enable it? Suggest me some more information if you can help me. Anyways thanks for your suggestions it was very much useful.

[Paisley007]

Well the TACACS and Radius support on the Pix is used only for the authentication of the management sessions and not the authentication of the normal users. So if you are asked for the restriction of the normal users who are not in the active directory than you can use this TACACS and Radius support. However if you are looking to block the normal chat applications then i would suggest you to you have a more restrictive policy in your organization. So hope this information is enough for you.