cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


683
Views
0
Helpful
0
Replies
Highlighted
Enthusiast

ASA cut-through proxy works only with virtual server since 8.4(3)9

Hi

Has anybody a running configuration on v8.4(3)9 with a cut-through proxy setup, that doesn't need a virtual server?

Before upgrading a telnet session was authenticated on the ASA inband, just by configuring the corresponding "aaa authentication match some-acl inside LOCAL" command and an acl that matched the telnet session. After upgrading to 8.4(3)9 it works only when configuring and using a virtual server and having the virtual server within the authentication acl.

The loggs show the following message: "%ASA-7-109014: uauth_lookup_net fail for get_np_flow_info()"

Regarding the logging-guide this means that authorization is missing. But I only want authentication, not authorization, as this is only supported with tacacs+.

Is this a bug related to the introduction of user-identity stuff or just a new feature?