https://community.cisco.com/t5/network-security/web-authentication-for-admission/m-p/1518491#M605774 <P>Hello All</P><P></P><P>I have a group of users connected to our network that I need to authenticate.&nbsp; These users are all on an easily identified subnet.</P><P>There's also servers on the 'other side' that we allow.</P><P>Currently we use ACLs on a 6509 switch.. where each of these special users has a static IP</P><P></P><P>What I'd like to do is put an ASA or other device in place such that the end users on the 'other side' must do a web based authentication.</P><P>I don't want any vpn/ipsec/tunneling ... just a simple authentication. </P><P></P><P>This is similar to the auth-proxy function in a Router.&nbsp; </P><P></P><P>I thought we could do this on an ASA, but can't find it in the doc.</P><P></P><P>I'm also considering using web-auth on the 3560/4948.6509 switch. </P><P></P><P></P><P>Appreciate any suggestions </P><P></P><P>Thanks in advance</P><P></P><P>Wes</P> Mon, 11 Mar 2019 19:19:29 GMT wsmith@ca.ibm.com 2019-03-11T19:19:29Z https://community.cisco.com/t5/network-security/web-authentication-for-admission/m-p/1518491#M605774 <P>Hello All</P><P></P><P>I have a group of users connected to our network that I need to authenticate.&nbsp; These users are all on an easily identified subnet.</P><P>There's also servers on the 'other side' that we allow.</P><P>Currently we use ACLs on a 6509 switch.. where each of these special users has a static IP</P><P></P><P>What I'd like to do is put an ASA or other device in place such that the end users on the 'other side' must do a web based authentication.</P><P>I don't want any vpn/ipsec/tunneling ... just a simple authentication. </P><P></P><P>This is similar to the auth-proxy function in a Router.&nbsp; </P><P></P><P>I thought we could do this on an ASA, but can't find it in the doc.</P><P></P><P>I'm also considering using web-auth on the 3560/4948.6509 switch. </P><P></P><P></P><P>Appreciate any suggestions </P><P></P><P>Thanks in advance</P><P></P><P>Wes</P> Mon, 11 Mar 2019 19:19:29 GMT https://community.cisco.com/t5/network-security/web-authentication-for-admission/m-p/1518491#M605774 wsmith@ca.ibm.com 2019-03-11T19:19:29Z https://community.cisco.com/t5/network-security/web-authentication-for-admission/m-p/1518492#M605776 <HTML><HEAD></HEAD><BODY><P>The ASA can do it and it is called cut through proxy this time. Here is a sample config <A class="active_link" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml</A></P><P></P><P>Like you said, web-auth/auth-proxy can be considered on the switch <A href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009466e.shtml">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009466e.shtml</A> </P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 07 Dec 2010 20:36:47 GMT https://community.cisco.com/t5/network-security/web-authentication-for-admission/m-p/1518492#M605776 Panos Kampanakis 2010-12-07T20:36:47Z