AAA Authentication for Traffic Passing through ASA

rmeans
Level 3

I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled, access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page (http://www.cisco.com) switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificate. Interestingly, the certificate is for the ASA and not the requested site (http://www.cisco.com).

Am I missing something?

firewall# show run aaa
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client

firewall# show access-li guestnetwork_access
access-list guestnetwork_access; 2 elements
access-list guestnetwork_access line 1 extended deny udp 10.255.255.0 255.255.255.0 any eq domain (hitcnt=33)
access-list guestnetwork_access line 2 extended permit ip 10.255.255.0 255.255.255.0 any (hitcnt=412)

firewall# show run aaa-s
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
 key xxxxx

firewall# show run http
http server enable

2 Replies

jens.becker
Level 1

Your definition for the aaa-server is different to the aaa authentication server-group.

Try:

aaa authentication http console RADIUS LOCAL

aaa authentication telnet console RADIUS LOCAL

...

I tried the change you suggested. Nothing changed. The problem continues.
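
The comparison made in the first reply (server groups referenced by `aaa authentication` lines versus groups declared by `aaa-server` lines) can be automated. The following is an added example, not code from either poster or from Cisco; the function names are hypothetical, the sample input is built from the `show run` output in the original post, and treating `LOCAL` as needing no `aaa-server` line is an assumption of the example.

```python
import re

# Constructed sample: lines taken from the show output in the original post.
SAMPLE_CONFIG = """\
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
 key xxxxx
"""

# Assumption: LOCAL is the built-in user database and needs no aaa-server line.
BUILTIN_GROUPS = {"LOCAL"}
AAA_SERVER_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)")
MATCH_RE = re.compile(r"^aaa authentication match\s+\S+\s+\S+\s+(\S+)")
CONSOLE_RE = re.compile(r"^aaa authentication\s+\S+\s+console\s+(.+)$")


def defined_groups(config):
    """Map each group declared by 'aaa-server <name> protocol <p>' to its protocol."""
    groups = {}
    for line in config.splitlines():
        m = AAA_SERVER_RE.match(line.strip())
        if m:
            groups[m.group(1)] = m.group(2).lower()
    return groups


def undefined_references(config):
    """Return (line, group) for every referenced group that has no aaa-server declaration."""
    known = set(defined_groups(config)) | BUILTIN_GROUPS
    findings = []
    for line in config.splitlines():
        line = line.strip()
        m = MATCH_RE.match(line)
        if m:
            refs = [m.group(1)]          # cut-through proxy rule: one server group
        else:
            m = CONSOLE_RE.match(line)   # management access: group plus optional fallback
            refs = m.group(1).split() if m else []
        findings += [(line, g) for g in refs if g not in known]
    return findings


if __name__ == "__main__":
    for line, group in undefined_references(SAMPLE_CONFIG):
        print(f"undefined server group {group!r}: {line}")
```

On the sample, the five `console` lines are reported because they reference `TACACS+`, while the `aaa authentication match` line that drives authentication for traffic through the ASA references `RADIUS`, which is declared.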
