Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

AAA Client Authentication, one URL possible?

Hello

We have a FWSM in use with some 3.1.x software on it. The clients are authenticated via http AAA login box.

We would love to switch to https instead of http.

My tests have shown now that the https URL is always the one the client typed in into his browser. This produces an "invalid certificate" message on his browser. This is something which we can't use, so I try to get a signed certificate on the FWSM.

The problem now is, this URL is random and won't be changed to the hostname of the FWSM. Is it possible to change that behaviour?

Something like:

- client opens http(s)://www.test.com

- client gets redirected to https://fwsm.domain.com and gets no invalid certificate message (because fwsm.domain.com has a valid certificate)

- after valid authentification gets back to http(s)://www.test.com

Is that somehow possible?

Thanks,

Patrick

2 REPLIES
Silver

Re: AAA Client Authentication, one URL possible?

You can prevent unauthorized users from reconfiguring your switch and viewing configuration information. Typically, you want network administrators to have access to your switch while you restrict access to users who dial from outside the network through an asynchronous port, connect from outside the network through a serial port, or connect through a terminal or workstation from within the local network

http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html

Re: AAA Client Authentication, one URL possible?

That's absolutely not what I need.

Please read my post again.

We do client authentication through tacacs over http on the FWSM.

After the client is successfully authenticated, he gets an xlate in the FWSM and is allowed to use the network.

We'd like to switch that authentication now to https.

163
Views
0
Helpful
2
Replies
CreatePlease to create content