cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
615
Views
2
Helpful
7
Replies

Prompting certain traffic to trigger authentication on ASA

carl_townshend
Spotlight
Spotlight

Hi All

I would like to know, is it possible to create a rule whereby traffic coming in on an interface from different networks or hosts triggers them to have to authenticate via a splash screen and use our multi factor MFA which is Duo?

cheers

7 Replies 7

MFA and DUO auth users not traffic'

So no I dont think you can do that.

MHM

Hi, I want the auth to be triggered by the traffic flowing through the firewall, is this possible? on a checkpoint you can get redirected to an auth page for example

I dont have alot info

But there is action in ACP called 

Interactive abd redirect 

The think that I do t know is it redirect the user to DUO for auth or not. 

So I will check this feature abd update you

MHM

balaji.bandi
Hall of Fame
Hall of Fame

Good question,  ASA alone can not do this here i guess  - you may need some interceptor the traffic and look for authentication process when the matches that condition.

what is the use case very anxiety know - May be thinking use WCCP to send to Proxy if this is HTTP and HTTPS traffic (just idea). or use PBR to send different system to process if the match traffic.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jonny Bacoz
Level 1
Level 1

It is indeed feasible to establish a regulation mandating that incoming traffic on an interface from various networks or hosts must undergo authentication through a splash screen and utilize multi-factor authentication (MFA) such as Duo. One common method to accomplish this is by configuring a captive portal on the network equipment, which captures the traffic and directs it to a login page where individuals are required to authenticate using Duo prior to being granted entry to the network assets.

Is this possible doing this on the ASA ?

 

balaji.bandi
Hall of Fame
Hall of Fame

May be look the option of cut through proxy :

i was not sure is this can be integrated with MFA like DUO - 

https://community.cisco.com/t5/security-knowledge-base/asa-cut-through-authentication-proxy-configuration-and-examples/ta-p/3118641

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card