cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
941
Views
0
Helpful
0
Replies

ASA cut-through proxy works only with virtual server since 8.4(3)9

ROBERTO GIANA
Level 4
Level 4

Hi

Has anybody a running configuration on v8.4(3)9 with a cut-through proxy setup, that doesn't need a virtual server?

Before upgrading a telnet session was authenticated on the ASA inband, just by configuring the corresponding "aaa authentication match some-acl inside LOCAL" command and an acl that matched the telnet session. After upgrading to 8.4(3)9 it works only when configuring and using a virtual server and having the virtual server within the authentication acl.

The loggs show the following message: "%ASA-7-109014: uauth_lookup_net fail for get_np_flow_info()"

Regarding the logging-guide this means that authorization is missing. But I only want authentication, not authorization, as this is only supported with tacacs+.

Is this a bug related to the introduction of user-identity stuff or just a new feature?

0 Replies 0
Review Cisco Networking for a $25 gift card