03-21-2008 02:43 AM - edited 03-10-2019 03:44 PM
Hi, all
I have set up a lab for aaa auth-proxy. The ASA5510 version is 7.0 and ACS is 4.0. There are two problems, as below:
1. After successful authentication over HTTPS via the ASA's virtual services, the prompt page flashes by so quickly that we don't even have time to see it. The ASA5510's configuration is as follows:
auth-prompt prompt -- Welcome to ABC company --
auth-prompt accept -- thanks, you can go ahead --
auth-prompt reject -- You are failed to be authenticated --
It seems there is no command to specify how long the auth-prompt page stays up on the ASA5510.
Does anyone know whether it can be specified, so that we can see the success page and know we succeeded?
2. When HTTP traffic was authenticated, the ASA challenged with the prompt window, and I finished the authentication successfully. But when I click another hyperlink, which is HTTP on port 8000, the ASA replies "Error: Must authenticate before using this service".
I want to know whether it is because of port 8000, or because of HTTP cache reauthentication.
Many thanks
03-27-2008 09:20 AM
With the configuration the way you have it, you will only require HTTPS to be authenticated.
Please refer to
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/fwaaa.htm#wp1046750
for details on the various possibilities for that type of configuration.
Essentially, you just need to add ssh to the authentication access-list
so that that type of traffic mandates an active authentication session.
This is assuming that an HTTPS server is listening on the TS server you
have inside. It is mandatory to have at least one of the following
services: telnet, ftp, http, https on that destination server. If you
have an HTTPS service on your TS server, just add the following to your
configuration:
access-list 170 extended permit tcp any any eq ssh
Another way to proceed would be to use a virtual telnet or http server
on the ASA. However, it mandates using another IP address that is not
in use by the ASA interface or NAT pool.
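
The rule in the reply above (only telnet, ftp, http and https can start an authentication session; other matched traffic needs one to exist already) can be checked against an ASA configuration with a short script. This is an added example, not part of either post: the sample configuration is constructed, the ACL number 170 is taken from the reply, and treating only the standard port numbers 21, 23, 80 and 443 as prompt-capable is an assumption.

```python
import re

# Services the reply lists as able to open an authentication session.
# Standard port numbers are an assumption; "www" is the ASA keyword for port 80.
PROMPT_SERVICES = {"ftp": 21, "telnet": 23, "http": 80, "www": 80, "https": 443}

# Matches entries shaped like the one in the reply:
#   access-list 170 extended permit tcp any any eq ssh
ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+permit\s+tcp\s+.*\beq\s+(?P<port>\S+)\s*$"
)

def classify_acl(config_text, acl_name):
    """Split an authentication ACL's entries into services that can prompt
    for credentials and services that rely on an existing session."""
    can_prompt, needs_session = [], []
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group("acl") != acl_name:
            continue
        port = m.group("port").lower()
        known = port in PROMPT_SERVICES or (
            port.isdigit() and int(port) in PROMPT_SERVICES.values()
        )
        (can_prompt if known else needs_session).append(port)
    return can_prompt, needs_session

def review(config_text, acl_name):
    """Return human-readable findings for the given authentication ACL."""
    can_prompt, needs_session = classify_acl(config_text, acl_name)
    findings = []
    if not can_prompt:
        findings.append("no telnet/ftp/http/https entry: users cannot authenticate")
    for port in needs_session:
        findings.append(f"port {port}: requires a session opened via another service")
    return findings

# Constructed sample configuration (not taken from the thread).
SAMPLE = """
access-list 170 extended permit tcp any any eq https
access-list 170 extended permit tcp any any eq ssh
access-list 170 extended permit tcp any any eq 8000
access-list 101 extended permit tcp any any eq www
"""

if __name__ == "__main__":
    for finding in review(SAMPLE, "170"):
        print(finding)
```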