08-18-2008 02:14 PM - edited 03-12-2019 05:58 PM
Folks, imagine I need to provide authentication and log of user name who do outbound Internet browsing in my company. I know that people can use the IE browser "integrated authentication" and when using ISA, people DO NOT GET prompted for credentials.
If I use the Cisco ASA firewall, is it possible to provide same functionality without making people get prompted for authentication? How does the IE browser credentials would work with Cisco ASA in this case?
Solved! Go to Solution.
08-19-2008 07:11 AM
The key word is "Integrated Authentication"
which Cisco ASA does not support.
One thing to keep in mind is that this is
a firewall, NOT a application proxy.
Therefore, if you want "Integrated Authentication", you want to look at Bluecoat. It is a much better product than
ISA, IMHO
08-18-2008 06:53 PM
sure u can with ASA
it is called CUT-thru proxy
for outboun, inbound inside to DMZ u can let the user authenticate first then use the http
u se this command
aaa authentication include http inside 0 0 0 0 LOCAL
local mean local dattabase
u can replace it if u have any TASAC+ or RADIUS Server
and the follwoing link will give a good example
please, if helpful Rate
08-18-2008 11:56 PM
Integrated Authentication is not supported in cisco ASA. If you configure Cut-through proxy the users will be prompted for authentication. The timeout can be configured with xauth command in Cisco ASA.
rate me if its useful
08-19-2008 07:11 AM
The key word is "Integrated Authentication"
which Cisco ASA does not support.
One thing to keep in mind is that this is
a firewall, NOT a application proxy.
Therefore, if you want "Integrated Authentication", you want to look at Bluecoat. It is a much better product than
ISA, IMHO
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide