Solved: Authentication capabilities of Cisco ASA (compared to ISA)

news2010a · ‎08-18-2008

Folks, imagine I need to provide authentication and log of user name who do outbound Internet browsing in my company. I know that people can use the IE browser "integrated authentication" and when using ISA, people DO NOT GET prompted for credentials.

If I use the Cisco ASA firewall, is it possible to provide same functionality without making people get prompted for authentication? How does the IE browser credentials would work with Cisco ASA in this case?

cisco24x7 · ‎08-19-2008

The key word is "Integrated Authentication"

which Cisco ASA does not support.

One thing to keep in mind is that this is

a firewall, NOT a application proxy.

Therefore, if you want "Integrated Authentication", you want to look at Bluecoat. It is a much better product than

ISA, IMHO

View solution in original post

Marwan ALshawi · ‎08-18-2008

sure u can with ASA

it is called CUT-thru proxy

for outboun, inbound inside to DMZ u can let the user authenticate first then use the http

u se this command

aaa authentication include http inside 0 0 0 0 LOCAL

local mean local dattabase

u can replace it if u have any TASAC+ or RADIUS Server

and the follwoing link will give a good example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

please, if helpful Rate

sathishd-aus · ‎08-18-2008

Integrated Authentication is not supported in cisco ASA. If you configure Cut-through proxy the users will be prompted for authentication. The timeout can be configured with xauth command in Cisco ASA.

rate me if its useful

cisco24x7 · ‎08-19-2008