Cisco Support Community

New Member

Cut-Through proxy and SSH

Hi,

I am trying to get cut-through proxy to authenticate SSH connectivity. If I use telnet, the firewall will proxy correctly and force local AAA authentication; however, when using SSH, the connection is dropped with the error:

processing uauth_error, session id: 2147483663, message: Must authenticate before using this service.

Why does the firewall not enforce AAA authentication when connecting using SSH rather than telnet?

Configured on ASA5510 SP - version 8.

Please assist?

Thanks!

1 REPLY
Cisco Employee

Re: Cut-Through proxy and SSH

Saron,

On ASA you cannot use SSH to authenticate for CTP.

Supported authentication protocols:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1061184

We'd need to somehow do a man-in-the-middle attack on SSH flows to make CTP work with SSH.

Hope this helps,

Marcin
