Hello everyone,

I started the new year with my resolution to get back to CCIE studies, and 
immediately I was challenged by a client of ours asking us to configure 
network access controls with cut-through proxy authentication for them.

Their particular task was to authenticate traffic that is not one of the 
four well-known protocols (FTP, Telnet, HTTP and HTTPS) that would trigger 
authentication in the classic situation.

They need to authenticate RDP and SSH traffic through the ASA, and I followed 
this document published on the Cisco support forum:

https://supportforums.cisco.com/docs/DOC-14842

My intention was to have users open their web browser, connect to the ASA 
interface IP address via HTTPS, authenticate, and voilà, the RDP and SSH traffic 
defined in the authentication ACL would be authenticated.

I.e.:

access-list CTP_AUTH extended permit tcp any any eq https
access-list CTP_AUTH extended permit tcp any any eq 3389
access-list CTP_AUTH extended permit tcp any any eq ssh

aaa authentication match CTP_AUTH inside LOCAL
aaa authentication listener https inside port 1111

Then I go to https://192.168.1.200:1111 (where 192.168.1.200 is the ASA inside 
IP address) to authenticate against the local user database, and it doesn't 
work. The ASA rewrites the URL and says "File not found".

I don't want to use virtual HTTP for the reasons described in the document 
cited above. Am I missing something? Is it really an improvement, or just a 
documentation defect misleading people?

Eugene
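To make the intended flow concrete, here is a toy model of the cut-through proxy decision logic described above: an authentication ACL in the posted syntax, a per-source-IP uauth cache populated by a direct (browser) login, and the rule that FTP/Telnet/HTTP/HTTPS can be challenged inline while RDP and SSH from an unauthenticated source are simply dropped. This is an added example written for this page, not code from the post, from Cisco or from the referenced document; the ACL grammar handled, the idle-only uauth timeout, the user database and the flows are all constructed assumptions, and it says nothing about why the real listener returned "File not found".

```python
"""Toy model of ASA-style cut-through proxy authentication (added example).

Assumptions (mine, not Cisco's): only ACEs of the form
'access-list NAME extended permit tcp any any eq PORT' are parsed, the
uauth cache is keyed on source IP with an idle timeout only, and the four
classic protocols prompt inline while everything else needs a prior login.
"""
from dataclasses import dataclass, field

SERVICE_PORTS = {"ftp": 21, "telnet": 23, "http": 80, "https": 443, "ssh": 22}
INLINE_PROMPT_PORTS = {21, 23, 80, 443}  # protocols the proxy can challenge itself


def parse_auth_acl(config: str, acl_name: str) -> set[int]:
    """Collect destination ports from 'access-list <name> extended permit tcp any any eq <port>' lines."""
    ports: set[int] = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["access-list", acl_name, "extended", "permit", "tcp"]:
            continue  # other ACLs or unrelated lines
        if len(tok) != 9 or tok[5:8] != ["any", "any", "eq"]:
            raise ValueError(f"unsupported ACE (only 'any any eq PORT' modelled): {line!r}")
        port_tok = tok[8]
        ports.add(int(port_tok) if port_tok.isdigit() else SERVICE_PORTS[port_tok])
    return ports


@dataclass
class CutThroughProxy:
    auth_ports: set[int]                 # ports that require authentication
    users: dict[str, str]                # constructed stand-in for the LOCAL database
    uauth_timeout: float = 300.0         # idle seconds, stands in for 'timeout uauth'
    _uauth: dict[str, tuple[str, float]] = field(default_factory=dict)

    def authenticate(self, src_ip: str, username: str, password: str, now: float) -> bool:
        """Direct authentication, i.e. the browser login to the listener; caches src_ip on success."""
        if self.users.get(username) != password:
            return False
        self._uauth[src_ip] = (username, now)
        return True

    def _authenticated(self, src_ip: str, now: float) -> bool:
        entry = self._uauth.get(src_ip)
        if entry is None:
            return False
        user, last_seen = entry
        if now - last_seen > self.uauth_timeout:
            del self._uauth[src_ip]      # idle timer expired, user must log in again
            return False
        self._uauth[src_ip] = (user, now)  # matching traffic refreshes the idle timer
        return True

    def decide(self, src_ip: str, dst_port: int, now: float) -> str:
        """Return 'permit', 'prompt' (inline challenge possible) or 'drop'."""
        if dst_port not in self.auth_ports:
            return "permit"              # not matched by the authentication ACL
        if self._authenticated(src_ip, now):
            return "permit"
        return "prompt" if dst_port in INLINE_PROMPT_PORTS else "drop"


# The ACL exactly as posted above (constructed input for the model).
POSTED_CONFIG = """\
access-list CTP_AUTH extended permit tcp any any eq https
access-list CTP_AUTH extended permit tcp any any eq 3389
access-list CTP_AUTH extended permit tcp any any eq ssh
"""


def demo() -> list[str]:
    """Walk one client through the intended flow; credentials and addresses are constructed."""
    proxy = CutThroughProxy(parse_auth_acl(POSTED_CONFIG, "CTP_AUTH"), {"eugene": "s3cret"})
    t = 1000.0
    return [
        proxy.decide("10.0.0.5", 3389, t),                            # drop: RDP cannot be prompted
        proxy.decide("10.0.0.5", 443, t),                             # prompt: HTTPS can be challenged
        str(proxy.authenticate("10.0.0.5", "eugene", "wrong", t)),    # False
        str(proxy.authenticate("10.0.0.5", "eugene", "s3cret", t)),   # True: uauth entry created
        proxy.decide("10.0.0.5", 3389, t + 1),                        # permit: RDP now passes
        proxy.decide("10.0.0.5", 22, t + 2),                          # permit: SSH passes too
        proxy.decide("10.0.0.9", 22, t + 2),                          # drop: different source IP
        proxy.decide("10.0.0.5", 25, t + 3),                          # permit: not in the auth ACL
        proxy.decide("10.0.0.5", 3389, t + 1000),                     # drop: idle timeout expired
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The point the model makes is the one the post relies on: RDP and SSH never reach a login prompt on their own, so the only way they pass is a uauth entry created earlier by a protocol that can, or by a direct login to the listener.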


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
