05-06-2009 01:27 AM - edited 02-21-2020 03:26 AM
Hello All,
I have managed to get my ASA5505 to authenticate IPs for cut-through proxy using Telnet and it works great.
However, I want to use only Telnet for authentication, and if a user has not yet authenticated and then opens a browser session they are greeted with a login screen. Is it possible to switch this feature off?
Thanks
05-06-2009 03:14 AM
You can allow only telnet traffic using the cut-through feature.
05-06-2009 04:24 AM
Not true Nomair_83.
You can use cut-through for any protocol, but only HTTP(S), Telnet and FTP as authentication methods.
"access-list auth_users extended permit ip any any
aaa authentication match auth_users inside LOCAL"
Above is an extract from my config; users on the inside cannot access outside unless they authenticate.
I want to know if I can switch off HTTP authentication.
05-06-2009 04:28 AM
My friend,
That's what I meant, just allow telnet traffic in the access-list rather than permit ip any any.
access-list auth-users extended permit tcp any any eq 23
05-06-2009 05:02 AM
If I do that the user will not be able to access the internet.
I want users to authenticate using telnet and then be able to access HTTP.
I don't want them opening a browser and being prompted with the authentication prompt.
(I have a 3rd party application that will use telnet to authenticate the user transparently first.)