Cisco ASA 5505 Configuration Manual page 700

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01)
Chapter 33: Configuring AAA Rules for Network Access

Configuring Authentication for Network Access

Information About Authentication

The adaptive security appliance lets you configure network access authentication using AAA servers.
This section includes the following topics:
- One-Time Authentication, page 33-2
- Applications Required to Receive an Authentication Challenge, page 33-2
- Adaptive Security Appliance Authentication Prompts, page 33-2
- Static PAT and HTTP, page 33-3
- Authenticating Telnet Connections with a Virtual Server, page 33-7
- Authenticating HTTP(S) Connections with a Virtual Server, page 33-7

One-Time Authentication

A user at a given IP address only needs to authenticate one time for all rules and types, until the
authentication session expires. (See the Configuration > Firewall > Advanced > Global Timeouts pane
for timeout values.) For example, if you configure the adaptive security appliance to authenticate Telnet
and FTP, and a user first successfully authenticates for Telnet, then as long as the authentication session
exists, the user does not also have to authenticate for FTP.

Applications Required to Receive an Authentication Challenge

Although you can configure the adaptive security appliance to require authentication for network access
to any protocol or service, users can authenticate directly with HTTP, HTTPS, Telnet, or FTP only. A
user must first authenticate with one of these services before the adaptive security appliance allows other
traffic requiring authentication.

The authentication ports that the adaptive security appliance supports for AAA are fixed:
- Port 21 for FTP
- Port 23 for Telnet
- Port 80 for HTTP
- Port 443 for HTTPS

Adaptive Security Appliance Authentication Prompts

- For Telnet and FTP, the adaptive security appliance generates an authentication prompt.
- For HTTP, the adaptive security appliance uses basic HTTP authentication by default, and provides an
  authentication prompt. You can optionally configure the adaptive security appliance to redirect users to
  an internal web page where they can enter their username and password (configured on the Configuration
  > Firewall > AAA Rules > Advanced > AAA Rules Advanced Options dialog box; see the "Enabling the
  Redirection Method of Authentication for HTTP and HTTPS" section on page 33-5).
- For HTTPS, the adaptive security appliance generates a custom login screen. You can optionally
  configure the adaptive security appliance to redirect users to an internal web page where they can enter
  their username and password (configured on the Configuration > Firewall > AAA Rules > Advanced >
  AAA Rules Advanced Options dialog box; see the "Enabling the Redirection Method of Authentication
  for HTTP and HTTPS" section on page 33-5).
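The following is an added example, not taken from the Cisco guide and not Cisco code: a simplified Python model of the behaviour in the "One-Time Authentication" and "Applications Required to Receive an Authentication Challenge" sections, useful for reasoning about which connections get prompted, permitted, or dropped. The class and function names, the 300-second timeout, the fixed-lifetime expiry, and the sample address are assumptions made for illustration.

```python
# Simplified model of the documented behaviour; names and values are hypothetical.
from dataclasses import dataclass, field

# Fixed ports on which the appliance can issue an authentication challenge (from the page).
CHALLENGE_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}
UAUTH_TIMEOUT = 300  # seconds; assumed sample value (the real one is set in Global Timeouts)


@dataclass
class CutThroughProxy:
    auth_required_ports: set                      # ports matched by an authentication rule
    timeout: int = UAUTH_TIMEOUT
    sessions: dict = field(default_factory=dict)  # source IP -> session expiry time

    def _authenticated(self, src_ip, now):
        expiry = self.sessions.get(src_ip)
        if expiry is not None and now < expiry:
            return True
        self.sessions.pop(src_ip, None)           # drop an expired or missing entry
        return False

    def handle(self, src_ip, dst_port, now, credentials_ok=None):
        """Return 'permit', 'challenge' or 'deny'; credentials_ok is None before any login attempt."""
        if dst_port not in self.auth_required_ports:
            return "permit"                       # no authentication rule applies
        if self._authenticated(src_ip, now):
            return "permit"                       # one-time authentication: session reused
        if dst_port not in CHALLENGE_PORTS:
            return "deny"                         # no prompt possible; user must log in elsewhere first
        if credentials_ok is None:
            return "challenge"
        if credentials_ok:
            self.sessions[src_ip] = now + self.timeout
            return "permit"
        return "deny"


def demo():
    """Constructed sequence of connections from a single client address."""
    fw = CutThroughProxy(auth_required_ports={21, 23, 25})
    ip = "192.0.2.10"  # constructed documentation address
    return [
        fw.handle(ip, 25, now=0),                       # SMTP before any login
        fw.handle(ip, 23, now=1),                       # Telnet: prompt issued
        fw.handle(ip, 23, now=2, credentials_ok=True),  # Telnet login succeeds
        fw.handle(ip, 21, now=10),                      # FTP: no second prompt
        fw.handle(ip, 25, now=20),                      # SMTP now allowed
        fw.handle(ip, 21, now=400),                     # session expired: prompt again
    ]
```

The session in this model is keyed on the source IP address, following the page's "user at a given IP address" wording, so every connection from that address is covered until the session expires.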
