01-16-2009 01:32 PM - edited 03-10-2019 04:17 PM
I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page (http://www.cisco.com) switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificated. Interestingly, the certificate is for the ASA and not the requested site (http://www.cisco.com).
Am I missing something?
firewall# show run aaa
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client
firewall# show access-li guestnetwork_access
access-list guestnetwork_access; 2 elements
access-list guestnetwork_access line 1 extended deny udp 10.255.255.0 255.255.255.0 any eq domain (hitcnt=33)
access-list guestnetwork_access line 2 extended permit ip 10.255.255.0 255.255.255.0 any (hitcnt=412)
firewall# show run aaa-s
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
key xxxxx
firewall# show run http
http server enable
01-16-2009 01:50 PM
your definition for the aaa-server is different to the aaa authentication server-group
try
aaa authentication http console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
...
01-20-2009 07:22 AM
I tried the change you suggested. Nothing changed. The problem continues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide