05-06-2009 01:27 AM - edited 02-21-2020 03:26 AM
Hello All,
I have managed to get my ASA5505 to authenticate IPs for cut-through proxy using Telnet and it works great.
However, I want to use only Telnet for authentication, and if a user has not yet authenticated and then opens a browser session they are greeted with a login screen. Is it possible to switch this feature off?
Thanks
05-06-2009 03:14 AM
You can allow only Telnet traffic using the cut-through feature.
05-06-2009 04:24 AM
Not true Nomair_83.
You can use cut-through for any protocol, but only HTTP(S), Telnet and FTP as authentication methods.
"access-list auth_users extended permit ip any any
aaa authentication match auth_users inside LOCAL"
Above is an extract from my config; users on the inside cannot access outside unless they authenticate.
I want to know if I can switch off HTTP authentication.
05-06-2009 04:28 AM
My friend,
That's what I meant, just allow telnet traffic in the access-list rather than permit ip any any.
access-list auth-users extended permit tcp any any eq 23
05-06-2009 05:02 AM
If I do that the user will not be able to access the internet.
I want users to authenticate using telnet and then be able to access HTTP.
I don't want them opening a browser and being prompted with the authentication prompt.
(I have a 3rd party application that will use telnet to authenticate the user transparently first.)