Hi all.
I've tried to use http-form authentication protocol for ssl vpn users, but when i added new aaa server and selected it in connection profile - nothing happens. I always had the "login failed" message. I run tcpdump and there wasn't any packets from the ASA to aaa server. As i understand, when someone tries to login ssl vpn, ASA should request login URL from aaa server, but ASA don't do it.
Did someone try to use http-auth for ssl vpn? is it works? maybe i forgot something?
Please, help.
I use two 5515-x asa in active/standby with 9.5 software.
in logs:
6 |
Dec 08 2015 |
00:38:45 |
113005 |
|
|
|
|
AAA user authentication Rejected : reason = Unspecified : server = y.y.y.y: user = ***** : user IP = x.x.x.x |
configuration:
aaa-server HTTP-Auth protocol http-form
aaa-server HTTP-Auth (ssl-vpn) host y.y.y.y
start-url http://y.y.y.y/login.php
action-uri http://y.y.y.y/test/test/test
user-parameter user_id
password-parameter passwd
auth-cookie-name AuthCookie
tunnel-group TunnelGroup1 type remote-access
tunnel-group TunnelGroup1 general-attributes
address-pool ssl-vpn-pool
authentication-server-group HTTP-Auth LOCAL
default-group-policy GroupPolicy1
tunnel-group TunnelGroup1 webvpn-attributes
group-alias VPN enable
group-url https://xxxx.yyyyyyy.com:23443/vpn enable
!