
ASA5505 - Http & Telnet Authentication

mackeyuk
Level 1

Hello All,

I have managed to get my ASA5505 to authenticate IPs for cut-through proxy using Telnet and it works great.

However I want to use only Telnet for authentication and if a user has not yet authenticated and then opens a browser session they are greeted with a login screen. Is it possible to switch this feature off?

Thanks

4 Replies

nomair_83
Level 3

You can allow only telnet traffic using the cut-through feature.

Not true Nomair_83.

You can use cut-through for any protocol but only Http(s), Telnet and FTP as authentication methods.

"access-list auth_users extended permit ip any any

aaa authentication match auth_users inside LOCAL"

Above is an extract from my config; users on the inside cannot access outside unless they authenticate.

I want to know if I can switch off HTTP authentication.

My friend,

That's what I meant, just allow telnet traffic in access-list rather than permit ip any any.

access-list auth-users extended permit tcp any any eq 23

If I do that the user will not be able to access the internet.

I want users to authenticate using telnet then be able to access Http.

I don't want them opening a browser and being prompted with the authentication prompt.

(I have a 3rd party application that will use telnet to authenticate the user transparently first.)
