Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
872
Views
0
Helpful
0
Replies

ASA cut-through proxy works only with virtual server since 8.4(3)9

ROBERTO GIANA
Level 4
Level 4

‎04-07-2012 04:57 PM - edited ‎03-11-2019 03:51 PM

Hi

Has anybody a running configuration on v8.4(3)9 with a cut-through proxy setup, that doesn't need a virtual server?

Before upgrading a telnet session was authenticated on the ASA inband, just by configuring the corresponding "aaa authentication match some-acl inside LOCAL" command and an acl that matched the telnet session. After upgrading to 8.4(3)9 it works only when configuring and using a virtual server and having the virtual server within the authentication acl.

The loggs show the following message: "%ASA-7-109014: uauth_lookup_net fail for get_np_flow_info()"

Regarding the logging-guide this means that authorization is missing. But I only want authentication, not authorization, as this is only supported with tacacs+.

Is this a bug related to the introduction of user-identity stuff or just a new feature?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card