ASA auth-prompt prompt Please login: doesn't display the “user acceptance a

Unanswered Question
Oct 28th, 2008

The following example shows the output of the show running-config auth-prompt command:

hostname(config)# show running-config auth-prompt

auth-prompt prompt Please login:

auth-prompt accept You're in!

auth-prompt reject Try again.

hostname(config)#

I have to have a “user acceptance agreement” when logging in to VPN on a Cisco ASA 5520 ver7.2(3) I have configured it properly but when I login I never get the prompt

XXXXXX/pri/act# show running-config auth-prompt

auth-prompt prompt Please login:

auth-prompt accept You're in!

auth-prompt reject Try again.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
darrenj Tue, 10/28/2008 - 16:02

What are you trying to do here? Is this for when users VPN into the ASA? When people try ssh/telnet to the ASA or what?

auth-prompt is trypically used for cut-through proxy. This is when a user has to authenticate via the ASA before it can access certain devices through it. If its VPN agreement or ssh/telnet to the ASDM you want to look at configuring banners...

Hope that helps

Darren

salmodov Wed, 10/29/2008 - 07:08

We are using the ASA like a VPN Concetrator. I have it set up were users login to it and establish a VPN and authenticate against an RSA token server.

The routing and the tunnels work fine and the users do get authenticated but they never receive a propmt banner or what ever you want to call it like they do when they logon via 3030 or similar.

I even tried as you suggested and used this config they should get a banner after a successful logon but they dont. Any ideals?

banner login =====================================================================

banner login You are attempting to connect to a restricted system. Connections

banner login to and from this system are logged. Please disconnect now if you

banner login are not an authorized user of this system.

banner login =====================================================================

darrenj Wed, 10/29/2008 - 11:43

Yes, try applying the 'banner value' command under group policy x attributes (where x is your group policy name!). It works for me :-)

Darren

Actions

Login or Register to take actions

This Discussion

Posted October 28, 2008 at 10:03 AM
Stats:
Replies:3 Overall Rating:
Views:632 Votes:0
Shares:0
Tags: No tags.