Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Repeated prompts for authentication when you open an e-mail in MS Exchange.

Recently my company upgraded our firewall's to a pair of 515E's in combination with Cisco ACS. So far we've only seen one real anomaly that I'd like some suggestions on. The pix is setup to require authentication in order to access the web. If a user opens an e-mail (we're running MS Exchange) and the e-mail links to the Internet to pull in all the neat graphics and other stuff you're bombarded with firewall authentications request. I'm assuming once for each item to be pulled from the Internet. But, if you have used your browser and completed the authentication process before you open the e-mail, you will not be prompted. I've had users key in their Id's and passwords a dozen + times trying to open an e-mail. Needless to say they're not happy.

What do you need to do to get that first prompt from the pix to take effect when you open the e-mail? Any help would be appreciated.

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: Repeated prompts for authentication when you open an e-mail

You need to enable "virtual http" and "sysopt uauth allow-http-cache" on the PIX to get around this.

You're correct in assuming that the PIX is prompting you once for every different gif, jpg, link, URL, advert, etc in the HTTP email that you're trying to open. Since the browser opens a new TCP connection for each one of these, these all get authenticated by the PIX.

See the notes for bug CSCdr77921 (http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr77921) and the command reference for the two commands I noted at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/cmdref/index.htm

83
Views
0
Helpful
1
Replies
This widget could not be displayed.