https://community.cisco.com/t5/network-security/asa-direct-authentication-https/m-p/3039867#M145375 <P>I have followed the guide on the link below to configure direct authentication on ASA. HTTP part of it works fine but HTTPS doesn't.</P> <P><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html" target="_blank"></A><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html</A></P> <P></P> <P>As per guide the configuration quite simple to achieve and works OK for HTTP. However, as soon as I replace HTTP with HTTPs, the web page shows a certificate error which I ignore but doesn't load anything afterwards and just keeps waiting. Any idea how to get it working?</P> <P></P> <P>interface Ethernet0<BR />&nbsp;nameif inside<BR />&nbsp;security-level 100<BR />&nbsp;ip address 20.20.20.2 255.255.255.252<BR />!<BR />interface Ethernet1<BR />&nbsp;nameif outside<BR />&nbsp;security-level 0<BR />&nbsp;ip address 10.10.10.55 255.255.255.0<BR />!<BR />access-list inside extended permit ip any any<BR />access-list outside extended permit ip any any<BR />access-list authmatch extended permit tcp any host 10.10.10.55 eq 5555<BR />access-group inside in interface inside<BR />access-group outside in interface outside<BR />user-identity default-domain LOCAL<BR />aaa authentication match authmatch outside LOCAL</P> <P>aaa authentication listener http outside port 5555<BR />http server enable<BR />http 10.10.10.0 255.255.255.0 outside</P> <P></P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 09:08:42 GMT malikyounas 2019-03-12T09:08:42Z https://community.cisco.com/t5/network-security/asa-direct-authentication-https/m-p/3039867#M145375 <P>I have followed the guide on the link below to configure direct authentication on ASA. HTTP part of it works fine but HTTPS doesn't.</P> <P><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html" target="_blank"></A><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html</A></P> <P></P> <P>As per guide the configuration quite simple to achieve and works OK for HTTP. However, as soon as I replace HTTP with HTTPs, the web page shows a certificate error which I ignore but doesn't load anything afterwards and just keeps waiting. Any idea how to get it working?</P> <P></P> <P>interface Ethernet0<BR />&nbsp;nameif inside<BR />&nbsp;security-level 100<BR />&nbsp;ip address 20.20.20.2 255.255.255.252<BR />!<BR />interface Ethernet1<BR />&nbsp;nameif outside<BR />&nbsp;security-level 0<BR />&nbsp;ip address 10.10.10.55 255.255.255.0<BR />!<BR />access-list inside extended permit ip any any<BR />access-list outside extended permit ip any any<BR />access-list authmatch extended permit tcp any host 10.10.10.55 eq 5555<BR />access-group inside in interface inside<BR />access-group outside in interface outside<BR />user-identity default-domain LOCAL<BR />aaa authentication match authmatch outside LOCAL</P> <P>aaa authentication listener http outside port 5555<BR />http server enable<BR />http 10.10.10.0 255.255.255.0 outside</P> <P></P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 09:08:42 GMT https://community.cisco.com/t5/network-security/asa-direct-authentication-https/m-p/3039867#M145375 malikyounas 2019-03-12T09:08:42Z https://community.cisco.com/t5/network-security/asa-direct-authentication-https/m-p/3786028#M145377 <P><SPAN class="tlid-translation translation"><SPAN class="">Try this add:</SPAN></SPAN></P><P><SPAN class="tlid-translation translation">"aaa authentication listener <STRONG>https</STRONG> outside port 5555"</SPAN></P> Wed, 23 Jan 2019 12:41:09 GMT https://community.cisco.com/t5/network-security/asa-direct-authentication-https/m-p/3786028#M145377 flos.jiri 2019-01-23T12:41:09Z