I have a PIX501 and wish to set-up access rights for certain users on the local network.
I am using a basic
access-list acl_in deny tcp host 192.168.1.11 any
access-list acl_in deny udp host 192.168.1.11 any
access-list acl_in permit tcp host 192.168.1.9 any
access-list acl_in permit udp host 192.168.1.9 any
scheme but I want to have more flexible control of 192.168.1.11 e.g. maybe allowing 192.168.1.11 access to google and yahoo but nothing else or I may only want to allow access at certain times of the day. I also want to allow 192.168.1.9 access to web sites but not pop3 services.
What would be the most cost-effective way of doing this. Would I need a radius/TACACS solution and if so what is the cheapest and easiest to set-up on my Win2000 server.
PS We have 5 users so the network is not that large!
Thanks in advance
I am using a basic
access-list acl_in deny tcp host 192.168.1.11 any
access-list acl_in deny udp host 192.168.1.11 any
access-list acl_in permit tcp host 192.168.1.9 any
access-list acl_in permit udp host 192.168.1.9 any
scheme but I want to have more flexible control of 192.168.1.11 e.g. maybe allowing 192.168.1.11 access to google and yahoo but nothing else or I may only want to allow access at certain times of the day. I also want to allow 192.168.1.9 access to web sites but not pop3 services.
What would be the most cost-effective way of doing this. Would I need a radius/TACACS solution and if so what is the cheapest and easiest to set-up on my Win2000 server.
PS We have 5 users so the network is not that large!
Thanks in advance