ASA - Cut through proxy configuration for web traffic on port 81?

jesper_petersen · ‎01-12-2011

Hello

Is it possible to force the ASA to treat traffic that it must perform AAA authentication on port 81 as web traffic?

I've tried the following:

access-list outside_authentication_LOCAL extended permit tcp any interface outside eq 81
aaa authentication match outside_authentication_LOCAL outside LOCAL

But when I navigate to the webpage at port 81 using my browser i'm presented with an error:

Error: Must authenticate before using this service.

I'm not prompted to authenticate at all. If I try the commands above using port 80, i'm prompted for a username and password.

I was hoping that I could force the ASA to treat that traffic as HTTP traffic, so that I'm being prompted for a username and password in my browser.

Is this simply not possible or am I missing some configuration?

Thank you in advance.

-- Jesper

andamani · ‎01-12-2011

hi,

You can configure the cut through proxy similar to the link below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Regards,

Anisha

jesper_petersen · ‎01-13-2011

Hi Anisha

Thank you for the link. I've been going over the document and I cannot seem to find information on how to make it work using a non-standard HTTP port (port 81).

Do you have any suggestions?

Thank you all.

andamani · ‎01-13-2011

hi,

Could you please attach the running config of the ASA.

Regards,

Anisha