Repeated prompts for authentication when you open an e-mail in MS Exchange.
Recently my company upgraded our firewalls to a pair of 515Es in combination with Cisco ACS. So far we've only seen one real anomaly that I'd like some suggestions on. The PIX is set up to require authentication in order to access the web. If a user opens an e-mail (we're running MS Exchange) and the e-mail links to the Internet to pull in all the neat graphics and other stuff, you're bombarded with firewall authentication requests, I'm assuming once for each item to be pulled from the Internet. But if you have used your browser and completed the authentication process before you open the e-mail, you will not be prompted. I've had users key in their IDs and passwords a dozen+ times trying to open an e-mail. Needless to say, they're not happy.
What do you need to do to get that first prompt from the PIX to take effect when you open the e-mail? Any help would be appreciated.
Re: Repeated prompts for authentication when you open an e-mail
You need to enable "virtual http" and "sysopt uauth allow-http-cache" on the PIX to get around this.
You're correct in assuming that the PIX is prompting you once for every different gif, jpg, link, URL, advert, etc. in the HTTP email that you're trying to open. Since the browser opens a new TCP connection for each one of these, these all get authenticated by the PIX.