I agree to both of the previous reply. Virtual telnet (command prompt) and virtual http is only used when the services required for authentication do not support their built Authentication mechanism. The only services which support builtin authentication are FTP, telnet, SSH, HTTP/S.
Hence the appliance challenges the requestor to authenticate either through command prompt (virtual telnet) or through browser pop-up (virtual telnet). Fawad N. Khan On Mon, Feb 28, 2011 at 11:23 AM, Bruno <[email protected]> wrote: > Virtual interface should be used when you want to intercept protocols whose > authentication is not built-in on it. HTTP, HTTPS, TELNET and others have > authentication built-in with them. For instance if the destination service > were SMTP, you would have to step back on the ASA`s virtual interface and > get authenticated first and then move forward to your SMTP server > > Go to cisco docs for more examples > > On Mon, Feb 28, 2011 at 10:13 AM, Basem Hanna <[email protected]> > wrote: >> >> Not always needed. If you want to authenticate traffic other than those >> supported by the three virtual interface. Look up aaa authentication match >> command. I remember there was a Cisco example on their website back when I >> was studying you could look up as well. >> >> >> >> -B >> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of kamran >> shakil >> Sent: Monday, February 28, 2011 3:24 AM >> To: [email protected] >> Subject: [OSL | CCIE_Security] [lab probe] Virtual telnet or virtual http >> in CUT THRU ??? >> >> >> >> Hello Experts! >> >> >> Talking about ASA again, well, in exam if the question asks for CUT THRU >> PROXY with ACS server , isnt it mandatory to configure virtual telnet or >> virtual http ???? >> >> if not why not ? i just got to know from some chat friends that >> virtual telnet or virtual telnet is not doing the real authentication here >> !!!! >> >> can someone shed light on it !!!! >> >> >> >> regards, >> kamran. >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> > > > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
