AAA Authentication for Traffic Passing through ASA

Unanswered Question
Jan 16th, 2009

I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled, access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page ( switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificate. Interestingly, the certificate is for the ASA and not the requested site (

Am I missing something?

firewall# show run aaa

aaa authentication http console TACACS+ LOCAL

aaa authentication telnet console TACACS+ LOCAL

aaa authentication serial console TACACS+ LOCAL

aaa authentication ssh console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authentication match guestnetwork_access guestnetwork RADIUS

aaa authentication secure-http-client

firewall# show access-li guestnetwork_access

access-list guestnetwork_access; 2 elements

access-list guestnetwork_access line 1 extended deny udp any eq domain (hitcnt=33)

access-list guestnetwork_access line 2 extended permit ip any (hitcnt=412)

firewall# show run aaa-s

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host

key xxxxx

firewall# show run http

http server enable

jens.becker Fri, 01/16/2009 - 13:50

Your definition for the aaa-server is different to the aaa authentication server-group.


aaa authentication http console RADIUS LOCAL

aaa authentication telnet console RADIUS LOCAL
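
The mismatch pointed out in the reply above can be checked mechanically. This Python example is added here and is not part of the thread or of any Cisco tooling; it takes the configuration lines as posted in the question (assuming that output is complete) and lists server groups that aaa authentication lines reference without a matching aaa-server protocol definition. The function name undefined_server_groups is hypothetical.

```python
import re

# Configuration lines as posted in the question (host address elided there).
POSTED_CONFIG = """\
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host
 key xxxxx
http server enable
"""

DEFINED = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+\S+")
CONSOLE = re.compile(r"^aaa authentication\s+(\S+)\s+console\s+(.+)$")
MATCH = re.compile(r"^aaa authentication\s+match\s+(\S+)\s+(\S+)\s+(\S+)")


def undefined_server_groups(config: str) -> dict[str, list[str]]:
    """Map each referenced-but-undefined server group to the places using it."""
    defined = {"LOCAL"}   # LOCAL is the built-in user database
    references = []       # (group name, where it is referenced)
    for raw in config.splitlines():
        line = raw.strip()
        if m := DEFINED.match(line):
            defined.add(m.group(1))
        elif m := MATCH.match(line):
            references.append((m.group(3), f"match {m.group(1)} on {m.group(2)}"))
        elif m := CONSOLE.match(line):
            # A console line may name a server group followed by LOCAL fallback.
            for group in m.group(2).split():
                references.append((group, f"{m.group(1)} console"))
    missing: dict[str, list[str]] = {}
    # Compare only after the full pass: definitions may follow their references.
    for group, where in references:
        if group not in defined:
            missing.setdefault(group, []).append(where)
    return missing


if __name__ == "__main__":
    for group, uses in undefined_server_groups(POSTED_CONFIG).items():
        print(f"{group}: no aaa-server definition; referenced by {', '.join(uses)}")
```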


rmeans Tue, 01/20/2009 - 07:22

I tried the change you suggested. Nothing changed. The problem continues.

