ASA5505 - Http & Telnet Authentication

Unanswered Question

Hello All,


I have managed to get my ASA5505 to authenticate IPs for cut-through proxy using Telnet and it works great.


However I want to use only Telnet for authentication and if a user has not yet authenticated and then opens a browser session they are greeted with a login screen. Is it possible to switch this feature off?


Thanks

nomair_83 Wed, 05/06/2009 - 03:14

You can allow only telnet traffic using cut through feature.



Not true Nomair_83.


You can use cut-through for any protocol but only Http(s), Telnet and FTP as authentication methods.


"access-list auth_users extended permit ip any any

aaa authentication match auth_users inside LOCAL"


Above is an extract from my config; users on the inside cannot access outside unless they authenticate.


I want to know if I can switch off HTTP authentication.

nomair_83 Wed, 05/06/2009 - 04:28

My friend,


That's what I meant, just allow telnet traffic in access-list rather than permit ip any any.

access-list auth-users extended permit tcp any any eq 23





If I do that the user will not be able to access the internet.


I want users to authenticate using telnet then be able to access Http.


I don't want them opening a browser and being prompted with the authentication prompt.


(I have a 3rd party application that will use telnet to authenticate the user transparently first.)
