Virtual interface should be used when you want to intercept protocols whose authentication is not built-in on it. HTTP, HTTPS, TELNET and others have authentication built-in with them. For instance if the destination service were SMTP, you would have to step back on the ASA`s virtual interface and get authenticated first and then move forward to your SMTP server
Go to cisco docs for more examples On Mon, Feb 28, 2011 at 10:13 AM, Basem Hanna <[email protected]>wrote: > Not always needed. If you want to authenticate traffic other than those > supported by the three virtual interface. Look up aaa authentication match > command. I remember there was a Cisco example on their website back when I > was studying you could look up as well. > > > > -B > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *kamran shakil > *Sent:* Monday, February 28, 2011 3:24 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] [lab probe] Virtual telnet or virtual > http in CUT THRU ??? > > > > > Hello Experts! > > > Talking about ASA again, well, in exam if the question asks for CUT THRU > PROXY with ACS server , isnt it mandatory to configure virtual telnet or > virtual http ???? > > if not why not ? i just got to know from some chat friends that virtual > telnet or virtual telnet is not doing the real authentication here !!!! > > can someone shed light on it !!!! > > > > regards, > kamran. > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
