Hi Eugene, The ASA tries to open up ASDM connection.
To achieve what you want configure the following: virtual http 192.168.1.99 aaa authentication listener https inside port 1111 redirect Then you'll be able to connect to https://192.168.1.99 and be redirected to port 1111 Regards, Piotr 2012/1/4 Eugene Pefti <[email protected]> > Hello everyone, > > I started the New year with my resolution to get back to CCIE studies > and immediately I was challenged by the client of us asking to configure > them network access controls with cut-through proxy authentication. > > Their particular task was to authentication the traffic that is not part > of four well-known protocols (FTP, Telnet, HTTP and HTTPs) that would > trigger authentication in the classic situation. > > They need to authenticate RDP and SSH traffic through the ASA and I > followed this document published at Cisco support forum: > > https://supportforums.cisco.com/docs/DOC-14842 > > > > My intention was to have users open their web browser, connect to the ASA > interface IP address via HTTPS, authenticate and voila, the RDP and SSH > traffic defined in the authentication ACL would be authenticated. > > > > I.e. > > access-list CTP_AUTH extended permit tcp any any eq https > access-list CTP_AUTH extended permit tcp any any eq 3389 > access-list CTP_AUTH extended permit tcp any any eq ssh > > > > aaa authentication match CTP_AUTH inside LOCAL > > aaa authentication listener https inside port 1111 > > > > Then I go to https://192.168.1.200:1111 (where 192.168.1.200 is the ASA > inside IP address) to authentication against a local user database and it > doesn't work. The ASA rewrites the URL and says "File not found". > > I don't want to use virtual HTTP for the reasons described in the above > said document. Am I missing something? Is it really an approvement or just > a documentation defect misleading people ? > > > > Eugene > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
