ASA5505 - Http & Telnet Authentication

Hello All,

I have managed to get my ASA5505 to authenticate IPs for cut-through proxy using Telnet and it works great.

However I want to use only Telnet for authentication and if a user has not yet authenticated and then opens a browser session they are greeted with a login screen. Is it possible to switch this feature off?

Thanks

nomair_83 Wed, 05/06/2009 - 03:14

You can allow only telnet traffic using cut through feature.

Not true Nomair_83.

You can use cut-through for any protocol but only Http(s), Telnet and FTP as authentication methods.

"access-list auth_users extended permit ip any any

aaa authentication match auth_users inside LOCAL"

Above is an extract from my config; users on the inside cannot access outside unless they authenticate.

I want to know if I can switch off HTTP authentication.

nomair_83 Wed, 05/06/2009 - 04:28

My friend,

That's what I meant, just allow telnet traffic in access-list rather than permit ip any any.

access-list auth-users extended permit tcp any any eq 23

If I do that the user will not be able to access the internet.

I want users to authenticate using telnet then be able to access Http.

I don't want them opening a browser and be prompted with the authentication prompt.

(I have a 3rd party application that will use telnet to authenticate the user transparently first.)
