In logs, we have loss of the authentication on the user when we let us be from the point of view of addressing 172.19.56.1 but if used the user in addressing 172.16.40.71, the authentication is good and my user can surf.
TCP_DENIED/407 does not necessarily there is issue with authentication, this HTTP code basically advising that the request require authentication and authentication been requested.
Does the user receive any pop up to enter their credentials? if it does, when authentication method that you are using, are you using NTLMSSP or LDAP(basic authentication)?
If your authentication method is using NTLMSSP, in working scenario, user will not be prompt up with credential pop up and depending on the surrogate use, TCP_DENIED/407 will still occurs in the logs for authentication request. If the pop up occurs, check the connection between WSA with the AD server and check if there are no error (do the testauthentication from the authentication realm in the GUI or CLI with testauthentication command)
If you are using basic(LDAP) authentication, pop up for credential is expected and TCP_DENIED/407 will still occurs and after those logs, it will show another log with user credential information in the log and normally with TCP_MISS/200 as the HTTP code
Get more with Firepower 6.6.1 – Cisco’s latest suggested release
The latest suggested release for Firepower delivers a Modernized UI, faster eventing, improved usability, and compatibility with the Cisco SecureX platform
In September 2020, Cisco of...
This is a work in progress. I will be working as the SME for pxGrid to update some questions, answers and general information here as time permits.
In my setup I see pending approvals under Web clients but also All Client?
In pxGrid 1.0, we have “Dynam...
I am not able to login to the ASAv device on AWS. I get the following message when I try from another EC2 (ubuntu 16.04) no matching key exchange method found. Their offer: diffie-hellman-group14-sha256 When I try from my Mac - I just get n...
Question. Our legal folks have asked if it is possible to add a footer to outbound email if it went out via TLS. So if it successfully negotiates TLS, can we add a footer that says "Sent successfully via TLS 1.2". Is this possible? ...
Segmentation Strategy - An ISE Prescriptive Guide
For an offline or printed copy of this document, simply choose ⋮ Options > Printer Friendly Page. You may then Print, Print to PDF or copy and paste to any other document ...