AAA Client Authentication, one URL possible?

Unanswered Question
Apr 9th, 2008
User Badges:
  • Bronze, 100 points or more


We have a FWSM in use with some 3.1.x software on it. The clients are authenticated via http AAA login box.

We would love to switch to https instead of http.

My tests have shown now that the https URL is always the one the client typed in into his browser. This produces an "invalid certificate" message on his browser. This is something which we can't use, so I try to get a signed certificate on the FWSM.

The problem now is, this URL is random and won't be changed to the hostname of the FWSM. Is it possible to change that behaviour?

Something like:

- client opens http(s)://

- client gets redirected to and gets no invalid certificate message (because has a valid certificate)

- after valid authentification gets back to http(s)://

Is that somehow possible?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ebreniz Tue, 04/15/2008 - 05:04
User Badges:
  • Silver, 250 points or more

You can prevent unauthorized users from reconfiguring your switch and viewing configuration information. Typically, you want network administrators to have access to your switch while you restrict access to users who dial from outside the network through an asynchronous port, connect from outside the network through a serial port, or connect through a terminal or workstation from within the local network

patoberli Tue, 04/15/2008 - 07:16
User Badges:
  • Bronze, 100 points or more

That's absolutely not what I need.

Please read my post again.

We do client authentication through tacacs over http on the FWSM.

After the client is successfully authenticated, he gets an xlate in the FWSM and is allowed to use the network.

We'd like to switch that authentication now to https.


This Discussion