
New Member

AAA Authentication for Traffic Passing through ASA

I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled, access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page (http://www.cisco.com) switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificate. Interestingly, the certificate is for the ASA and not the requested site (http://www.cisco.com).

Am I missing something?

firewall# show run aaa
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client

firewall# show access-li guestnetwork_access
access-list guestnetwork_access; 2 elements
access-list guestnetwork_access line 1 extended deny udp 10.255.255.0 255.255.255.0 any eq domain (hitcnt=33)
access-list guestnetwork_access line 2 extended permit ip 10.255.255.0 255.255.255.0 any (hitcnt=412)

firewall# show run aaa-s
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
 key xxxxx

firewall# show run http
http server enable

2 REPLIES
New Member

Re: AAA Authentication for Traffic Passing through ASA

Your definition for the aaa-server is different to the aaa authentication server-group.

Try:

aaa authentication http console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL

...
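
Added example, not part of the thread: a small Python check that cross-references the server groups named on `aaa authentication` lines against the `aaa-server ... protocol` definitions, which is the mismatch the reply above points at. `SAMPLE_CONFIG` is copied from the output pasted in the question (which may be an incomplete excerpt of the running config), and the parser assumes only the two line forms that appear there (`... console <group> [LOCAL]` and `match <acl> <interface> <group>`).

```python
import re

# Constructed sample: the 'show run aaa' / 'show run aaa-s' lines pasted in the question.
SAMPLE_CONFIG = """\
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
"""

# LOCAL is the ASA's built-in user database, so it needs no aaa-server definition.
BUILTIN = {"LOCAL"}

def defined_groups(config):
    """Server groups declared with 'aaa-server <name> protocol <proto>'."""
    return set(re.findall(r"^aaa-server (\S+) protocol \S+", config, re.M))

def referenced_groups(config):
    """Map each group named on an 'aaa authentication' line to the lines naming it."""
    refs = {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] != ["aaa", "authentication"]:
            continue
        if len(words) >= 5 and words[3] == "console":
            groups = words[4:]   # aaa authentication <service> console <group> [LOCAL]
        elif len(words) >= 6 and words[2] == "match":
            groups = words[5:]   # aaa authentication match <acl> <interface> <group>
        else:
            continue             # e.g. 'aaa authentication secure-http-client'
        for group in groups:
            refs.setdefault(group, []).append(line.strip())
    return refs

def undefined_references(config):
    """Referenced groups that are neither built in nor declared by an aaa-server line."""
    known = defined_groups(config) | BUILTIN
    return {g: lines for g, lines in referenced_groups(config).items() if g not in known}

if __name__ == "__main__":
    for group, lines in undefined_references(SAMPLE_CONFIG).items():
        print(f"{group}: no 'aaa-server {group} protocol ...' line in this excerpt")
        for line in lines:
            print(f"  referenced by: {line}")
```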

New Member

Re: AAA Authentication for Traffic Passing through ASA

I tried the change you suggested. Nothing changed. The problem continues.
