Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Authentication capabilities of Cisco ASA (compared to ISA)

Folks, imagine I need to provide authentication and log of user name who do outbound Internet browsing in my company. I know that people can use the IE browser "integrated authentication" and when using ISA, people DO NOT GET prompted for credentials.

If I use the Cisco ASA firewall, is it possible to provide same functionality without making people get prompted for authentication? How does the IE browser credentials would work with Cisco ASA in this case?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Authentication capabilities of Cisco ASA (compared to ISA)

The key word is "Integrated Authentication"

which Cisco ASA does not support.

One thing to keep in mind is that this is

a firewall, NOT a application proxy.

Therefore, if you want "Integrated Authentication", you want to look at Bluecoat. It is a much better product than

ISA, IMHO

3 REPLIES

Re: Authentication capabilities of Cisco ASA (compared to ISA)

sure u can with ASA

it is called CUT-thru proxy

for outboun, inbound inside to DMZ u can let the user authenticate first then use the http

u se this command

aaa authentication include http inside 0 0 0 0 LOCAL

local mean local dattabase

u can replace it if u have any TASAC+ or RADIUS Server

and the follwoing link will give a good example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

please, if helpful Rate

New Member

Re: Authentication capabilities of Cisco ASA (compared to ISA)

Integrated Authentication is not supported in cisco ASA. If you configure Cut-through proxy the users will be prompted for authentication. The timeout can be configured with xauth command in Cisco ASA.

rate me if its useful

Silver

Re: Authentication capabilities of Cisco ASA (compared to ISA)

The key word is "Integrated Authentication"

which Cisco ASA does not support.

One thing to keep in mind is that this is

a firewall, NOT a application proxy.

Therefore, if you want "Integrated Authentication", you want to look at Bluecoat. It is a much better product than

ISA, IMHO

204
Views
0
Helpful
3
Replies
CreatePlease to create content