WEB Authentication

Unanswered Question
Sep 15th, 2008

Anyone tried web authentication and proxy together. I am using ISA as a proxy. But if i am enabling the WEB authentication for that particular SSID Redirection is not happening. Expecting your valuable suggestions.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Mon, 09/15/2008 - 12:51

The issues is that the wlc needs to resolve the users homepage when he or she opens a web browser. Since there is no configuration setting for a proxy on the wlc, the wlc can't resolve the homepage and the users will get... page connot be displayed.

sreejith_r Mon, 09/15/2008 - 13:11

can we set something on the ISA server to redirect to

Scott Fella Mon, 09/15/2008 - 18:08

It will still fail, since the WLC needs to resolve the users home page. You can redirect the url, but that will not help. For webauth to work. Here is from a doc:

In the WLC versions earlier than, users must manually type in to navigate to the web authentication window. But if the same issue occurs with WLC versions later than, it is related to DNS lookup. When a user in that SSID tries to access the Internet, the management interface of the controller does a DNS query to see if the URL is valid. If it is, then it shows the authorization page, with the IP address of the virtual interface. After the user successfully logs in, the original request is allowed to pass back to the client. Therefore, ensure the DNS server is configured properly.

sreejith_r Mon, 09/15/2008 - 20:35

Without proxy web authentication is working fine. if we are putting the proxy manually then redirection is not happeneing. i think its not the issue with the DNS.

Scott Fella Tue, 09/16/2008 - 17:29

That is how it will work.... You can disable the proxy on the client and when he or she opens a browser, they will get the login page. When they hit accept they will get page can not be displayed. They will have to turn proxy back on and then will they be able to access the web. Redirect will fail since after the login... is where the redirect happens, but as you know.... page cannot be found.

If you are trying to filter the guest traffic, look into ironport or websense.

sreejith_r Tue, 09/16/2008 - 20:53


In the proxy settings there is one tab called advanced. there we can specify the ip adresses for which we dont want to use the proxy. Once we are opening the internet explorercan you specify where the traffic is going. to the managemnt interface or the virtual interface . if we exclude the ip from the proxy list it may work. right???

Scott Fella Wed, 09/17/2008 - 02:45

You can give that a try... open the vip and the management interface ip address.


This Discussion



Trending Topics - Security & Network