Re: Repeated prompts for authentication when you open an e-mail

warrend · ‎04-29-2003

Recently my company upgraded our firewall's to a pair of 515E's in combination with Cisco ACS. So far we've only seen one real anomaly that I'd like some suggestions on. The pix is setup to require authentication in order to access the web. If a user opens an e-mail (we're running MS Exchange) and the e-mail links to the Internet to pull in all the neat graphics and other stuff you're bombarded with firewall authentications request. I'm assuming once for each item to be pulled from the Internet. But, if you have used your browser and completed the authentication process before you open the e-mail, you will not be prompted. I've had users key in their Id's and passwords a dozen + times trying to open an e-mail. Needless to say they're not happy.

What do you need to do to get that first prompt from the pix to take effect when you open the e-mail? Any help would be appreciated.

gfullage · ‎04-29-2003

You need to enable "virtual http" and "sysopt uauth allow-http-cache" on the PIX to get around this.

You're correct in assuming that the PIX is prompting you once for every different gif, jpg, link, URL, advert, etc in the HTTP email that you're trying to open. Since the browser opens a new TCP connection for each one of these, these all get authenticated by the PIX.

See the notes for bug CSCdr77921 (http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr77921) and the command reference for the two commands I noted at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/cmdref/index.htm

Repeated prompts for authentication when you open an e-mail in MS Exchange.