Hi. I am trying to apply cut-through proxy on Anyconnect clients.
I am using ASA 5505 running asa914-k8.bin
Anyconnect clients are connecting to my outside interface. I am trying to apply the cut-through proxy on those clients trying to access any http.
A partial config of my setup:
access-list authmatch extended permit tcp any4 any4 eq www
access-list authmatch2 extended permit tcp any4 any4 eq www
aaa authentication match authmatch outsidee LOCAL
aaa authentication match authmatch2 insidee LOCAL
The cut-through proxy works fine on the inside interface, but not on the outside interface. Anyconnect clients connected to the outside interface are not prompted for authentication... although the cut-through proxy related configuration is identical on bot the inside and the outside interfaces.
I did try if the cut-through worked on the outside interface when not connected via VPN- it did work. It is not working only for the Anyconnect VPN clients.
I also added a picture of the network.
Any ideas? thanks!