Solved: Re: Does cut through authentication protect access to an IIS ser

baskervi · ‎12-06-2013

I have a customer who doesn't want to spend the money in purchasing SSL VPN licenses, so I began to wonder if I could protect access via cut through authentication? That would, as best as I can tell, force everyone to authenticate, even a hacker before he could do anything maliciously. Is this correct? This is a secure web server, so I also thought about using the clientless VPN - does anyone know if this is restricted to the default 2 users?

Thanks

Julio Carvajal · ‎12-06-2013

Hello,

Yes, I mean the ASA will authenticate each and all of the sessions you configure on the Cut-through proxy authentication bud.

if this is restricted to the default 2 users?

For what? Remote-access SSL?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Karsten Iwen · ‎12-06-2013

IMO there is a *much* better solution then the Cut-Through-Proxy:

Install a reverse-proxy in a DMZ. There you terminate the HTTPS-session, authenticate the users and proxy the requests to your real server which sits in a different DMZ or even in the internal network.

Sent from Cisco Technical Support iPad App