Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Does cut through authentication protect access to an IIS server adequately

I have a customer who doesn't want to spend the money in purchasing SSL VPN licenses, so I began to wonder if I could protect access via cut through authentication? That would, as best as I can tell, force everyone to authenticate, even a hacker before he could do anything maliciously. Is this correct? This is a secure web server, so I also thought about using the clientless VPN - does anyone know if this is restricted to the default 2 users?

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

Does cut through authentication protect access to an IIS server

Hello,

Yes, I mean the ASA will authenticate each and all of the sessions you configure on the Cut-through proxy authentication bud.

if this is restricted to the default 2 users?

For what? Remote-access SSL?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
VIP Purple

Re: Does cut through authentication protect access to an IIS ser

IMO there is a *much* better solution then the Cut-Through-Proxy:

Install a reverse-proxy in a DMZ. There you terminate the HTTPS-session, authenticate the users and proxy the requests to your real server which sits in a different DMZ or even in the internal network.


Sent from Cisco Technical Support iPad App

2 REPLIES

Does cut through authentication protect access to an IIS server

Hello,

Yes, I mean the ASA will authenticate each and all of the sessions you configure on the Cut-through proxy authentication bud.

if this is restricted to the default 2 users?

For what? Remote-access SSL?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
VIP Purple

Re: Does cut through authentication protect access to an IIS ser

IMO there is a *much* better solution then the Cut-Through-Proxy:

Install a reverse-proxy in a DMZ. There you terminate the HTTPS-session, authenticate the users and proxy the requests to your real server which sits in a different DMZ or even in the internal network.


Sent from Cisco Technical Support iPad App

140
Views
0
Helpful
2
Replies
CreatePlease to create content