Re: ASA, Radius and Auth Proxy/Pass-thru

sloeckle · ‎11-17-2005

Hi Everyone,

I have my ASA5520 setup with radius auth on webvpn and everything is working great, even group assignment with the radius class OU=group1; etc...

I need to go a step further with this. I want users to not have to reenter the same userid and password for websites behind the asa and webvpn. I need to be able to pass this authentication to websites within webvpn whether it's owa or apache when the userid and password are the same. I cannot find any documentation on auth passthru/proxy concerning webvpn.

Thanks for your help!

Stephen

thomas.chen · ‎11-23-2005

The authentication proxy feature allows users to log in to a network or access the Internet via HTTP, with their specific access profiles automatically retrieved and applied from a TACACS+ or RADIUS server. The user profiles are active only when there is active traffic from the authenticated users.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008017b2a4.shtml

sloeckle · ‎11-23-2005

Well, first of all we're using an ASA5520 and second, we're using WebVPN not a VPN client.

Stephen

litouch · ‎07-07-2006

Stephen,

Did you try "Auto Signon" and "SSO Servers"?

Actually I have a ASA, and "Auto Signon" is enabled. And it can work well. Wish this can help you.

BTW, did you test the Raiuds authorization? I am wondering why I can not use radius av-pair with ASA....

Ed