cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1611
Views
0
Helpful
3
Replies

ASA auth-prompt prompt Please login: doesn't display the “user acceptance a

salmodov
Level 1
Level 1

The following example shows the output of the show running-config auth-prompt command:

hostname(config)# show running-config auth-prompt

auth-prompt prompt Please login:

auth-prompt accept You're in!

auth-prompt reject Try again.

hostname(config)#

I have to have a “user acceptance agreement” when logging in to VPN on a Cisco ASA 5520 ver7.2(3) I have configured it properly but when I login I never get the prompt

XXXXXX/pri/act# show running-config auth-prompt

auth-prompt prompt Please login:

auth-prompt accept You're in!

auth-prompt reject Try again.

3 Replies 3

darrenj
Level 1
Level 1

What are you trying to do here? Is this for when users VPN into the ASA? When people try ssh/telnet to the ASA or what?

auth-prompt is trypically used for cut-through proxy. This is when a user has to authenticate via the ASA before it can access certain devices through it. If its VPN agreement or ssh/telnet to the ASDM you want to look at configuring banners...

Hope that helps

Darren

We are using the ASA like a VPN Concetrator. I have it set up were users login to it and establish a VPN and authenticate against an RSA token server.

The routing and the tunnels work fine and the users do get authenticated but they never receive a propmt banner or what ever you want to call it like they do when they logon via 3030 or similar.

I even tried as you suggested and used this config they should get a banner after a successful logon but they dont. Any ideals?

banner login =====================================================================

banner login You are attempting to connect to a restricted system. Connections

banner login to and from this system are logged. Please disconnect now if you

banner login are not an authorized user of this system.

banner login =====================================================================

Yes, try applying the 'banner value' command under group policy x attributes (where x is your group policy name!). It works for me :-)

Darren

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: