https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023515#M939570 <HTML><HEAD></HEAD><BODY><P>You can prevent unauthorized users from reconfiguring your switch and viewing configuration information. Typically, you want network administrators to have access to your switch while you restrict access to users who dial from outside the network through an asynchronous port, connect from outside the network through a serial port, or connect through a terminal or workstation from within the local network </P><P><A class="jive-link-custom" href="http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html" target="_blank">http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html</A> </P><P></P></BODY></HTML> Tue, 15 Apr 2008 12:04:43 GMT ebreniz 2008-04-15T12:04:43Z https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023514#M939569 <P>Hello</P><P></P><P>We have a FWSM in use with some 3.1.x software on it. The clients are authenticated via http AAA login box.</P><P>We would love to switch to https instead of http.</P><P>My tests have shown now that the https URL is always the one the client typed in into his browser. This produces an "invalid certificate" message on his browser. This is something which we can't use, so I try to get a signed certificate on the FWSM.</P><P>The problem now is, this URL is random and won't be changed to the hostname of the FWSM. Is it possible to change that behaviour?</P><P>Something like: </P><P>- client opens http(s)://<A href="http://www.test.com" target="_blank">www.test.com</A></P><P>- client gets redirected to <A class="jive-link-custom" href="https://fwsm.domain.com" target="_blank">https://fwsm.domain.com</A> and gets no invalid certificate message (because fwsm.domain.com has a valid certificate)</P><P>- after valid authentification gets back to http(s)://<A href="http://www.test.com" target="_blank">www.test.com</A></P><P></P><P>Is that somehow possible?</P><P></P><P>Thanks,</P><P>Patrick</P> Mon, 11 Mar 2019 12:28:48 GMT https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023514#M939569 patoberli 2019-03-11T12:28:48Z https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023515#M939570 <HTML><HEAD></HEAD><BODY><P>You can prevent unauthorized users from reconfiguring your switch and viewing configuration information. Typically, you want network administrators to have access to your switch while you restrict access to users who dial from outside the network through an asynchronous port, connect from outside the network through a serial port, or connect through a terminal or workstation from within the local network </P><P><A class="jive-link-custom" href="http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html" target="_blank">http://cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swauthen.html</A> </P><P></P></BODY></HTML> Tue, 15 Apr 2008 12:04:43 GMT https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023515#M939570 ebreniz 2008-04-15T12:04:43Z https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023516#M939571 <HTML><HEAD></HEAD><BODY><P>That's absolutely not what I need. </P><P>Please read my post again.</P><P></P><P>We do client authentication through tacacs over http on the FWSM.</P><P>After the client is successfully authenticated, he gets an xlate in the FWSM and is allowed to use the network.</P><P>We'd like to switch that authentication now to https.</P></BODY></HTML> Tue, 15 Apr 2008 14:16:15 GMT https://community.cisco.com/t5/network-security/aaa-client-authentication-one-url-possible/m-p/1023516#M939571 patoberli 2008-04-15T14:16:15Z