https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718816#M193084 <P>Hello,</P><P>&nbsp;</P><P>I'd like to implement Cut-Through Proxy LDAP Authentication with User Identity for pc that are not&nbsp;in AD domain. What about if those pc have ssh rules for example ? I guess it is not possible to intercept ssh traffic then open a listener http page to authenticate user.</P> Tue, 12 Mar 2019 06:23:03 GMT giuseppe parlato 2019-03-12T06:23:03Z https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718816#M193084 <P>Hello,</P><P>&nbsp;</P><P>I'd like to implement Cut-Through Proxy LDAP Authentication with User Identity for pc that are not&nbsp;in AD domain. What about if those pc have ssh rules for example ? I guess it is not possible to intercept ssh traffic then open a listener http page to authenticate user.</P> Tue, 12 Mar 2019 06:23:03 GMT https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718816#M193084 giuseppe parlato 2019-03-12T06:23:03Z https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718817#M193088 <P>Hi,</P><P>So your query is that you would like Cut Thru Authentication to work for the users not in LDAP where LDAP is your AAA server ?</P><P>I don't think this should be possible as the user identity would not be known to the ASA device to apply the rules.</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Tue, 11 Aug 2015 14:11:51 GMT https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718817#M193088 Vibhor Amrodia 2015-08-11T14:11:51Z https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718818#M193093 <P>No sorry let me clarify, I was just wondering if there is any other way to catch traffic other then http/https for cut-through proxy autentication. I suppose the answer is no.</P> Wed, 12 Aug 2015 08:19:23 GMT https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718818#M193093 giuseppe parlato 2015-08-12T08:19:23Z https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718819#M193096 <P>Hi,</P><P>Actually you can.</P><P>You can refer this for more information:-</P><P>http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html</P><P>http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70992-tacacs-radius-config.html</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Wed, 12 Aug 2015 09:10:47 GMT https://community.cisco.com/t5/network-security/cisco-asa-cut-through-proxy-authentication-with-user-identity/m-p/2718819#M193096 Vibhor Amrodia 2015-08-12T09:10:47Z