Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
963
Views
0
Helpful
1
Replies

ASA Direct Authentication - HTTPS

malikyounas
Level 1
Level 1

‎03-29-2017 04:57 AM - edited ‎03-12-2019 02:08 AM

I have followed the guide on the link below to configure direct authentication on ASA. HTTP part of it works fine but HTTPS doesn't.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html

As per guide the configuration quite simple to achieve and works OK for HTTP. However, as soon as I replace HTTP with HTTPs, the web page shows a certificate error which I ignore but doesn't load anything afterwards and just keeps waiting. Any idea how to get it working?

interface Ethernet0
 nameif inside
 security-level 100
 ip address 20.20.20.2 255.255.255.252
!
interface Ethernet1
 nameif outside
 security-level 0
 ip address 10.10.10.55 255.255.255.0
!
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list authmatch extended permit tcp any host 10.10.10.55 eq 5555
access-group inside in interface inside
access-group outside in interface outside
user-identity default-domain LOCAL
aaa authentication match authmatch outside LOCAL

aaa authentication listener http outside port 5555
http server enable
http 10.10.10.0 255.255.255.0 outside

Labels:
0 Helpful
1 Reply 1

flos.jiri
Level 1
Level 1

‎01-23-2019 04:41 AM

Try this add:

"aaa authentication listener https outside port 5555"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card