AAA Client Authentication, one URL possible?

Unanswered Question
Apr 9th, 2008

Hello


We have a FWSM in use with some 3.1.x software on it. The clients are authenticated via http AAA login box.

We would love to switch to https instead of http.

My tests have shown now that the https URL is always the one the client typed in into his browser. This produces an "invalid certificate" message on his browser. This is something which we can't use, so I try to get a signed certificate on the FWSM.

The problem now is, this URL is random and won't be changed to the hostname of the FWSM. Is it possible to change that behaviour?

Something like:

- client opens http(s)://www.test.com

- client gets redirected to https://fwsm.domain.com and gets no invalid certificate message (because fwsm.domain.com has a valid certificate)

- after valid authentification gets back to http(s)://www.test.com


Is that somehow possible?


Thanks,

Patrick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Tue, 04/15/2008 - 05:04

You can prevent unauthorized users from reconfiguring your switch and viewing configuration information. Typically, you want network administrators to have access to your switch while you restrict access to users who dial from outside the network through an asynchronous port, connect from outside the network through a serial port, or connect through a terminal or workstation from within the local network

http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html


patoberli Tue, 04/15/2008 - 07:16

That's absolutely not what I need.

Please read my post again.


We do client authentication through tacacs over http on the FWSM.

After the client is successfully authenticated, he gets an xlate in the FWSM and is allowed to use the network.

We'd like to switch that authentication now to https.

Actions

This Discussion