Cisco ASA 5505 Configuration Manual page 703

Asa 5500 series

Chapter 33
Configuring AAA Rules for Network Access
Configuring Authentication for Network Access
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 33-5

Enabling the Redirection Method of Authentication for HTTP and HTTPS

This method of authentication enables HTTP(S) listening ports to authenticate network users. When you enable a listening port, the adaptive security appliance serves an authentication page for direct connections and, by enabling redirection, for through traffic. This method also prevents the authentication credentials from continuing to the destination server. See the "Adaptive Security Appliance Authentication Prompts" section on page 33-2 for more information about the redirection method versus the basic method.

To enable a AAA listener, perform the following steps:

Step 1  From the Configuration > Firewall > AAA Rules pane, click Advanced.
        The AAA Rules Advanced Options dialog box appears.

Step 2  Under Interactive Authentication, click Add.
        The Add Interactive Authentication Entry dialog box appears.

Step 3  For the Protocol, choose either HTTP or HTTPS. You can enable both by repeating this procedure and creating two separate rules.

Step 4  From the Interface drop-down list, choose the interface on which you want to enable the listener.

Step 5  From the Port drop-down list, choose the port or enter a number.
        This is the port that the adaptive security appliance listens on for direct or redirected traffic; the defaults are 80 (HTTP) and 443 (HTTPS). You can use any port number and retain the same functionality, but be sure your direct authentication users know the port number; redirected traffic is sent to the correct port number automatically, but direct authenticators must specify the port number manually.

Step 6  (Optional) Check Redirect network users for authentication request.
        This option redirects through traffic to an authentication web page served by the adaptive security appliance. Without this option, only traffic directed to the adaptive security appliance interface can access the authentication web pages.

        Note  If you enable the redirect option, you cannot also configure static PAT for the same interface where you translate the interface IP address and the same port that is used for the listener; NAT succeeds, but authentication fails.

Step 7  Click OK, and then click OK to exit the AAA Rules Advanced Options dialog box.

Step 8  Click Apply.

Enabling Secure Authentication of Web Clients

If you use HTTP authentication, by default the username and password are sent from the client to the adaptive security appliance in clear text; in addition, the username and password are sent on to the destination web server as well. The adaptive security appliance provides several methods of securing HTTP authentication, including the following methods:

• Enable the redirection method of authentication for HTTP—See the "Enabling the Redirection Method of Authentication for HTTP and HTTPS" section on page 33-5. This method prevents the authentication credentials from continuing to the destination server.
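
The Note in Step 6 and the clear-text warning under "Enabling Secure Authentication of Web Clients" can both be checked against a saved running configuration. The Python below is an added example, not part of the Cisco guide; it assumes the CLI forms `aaa authentication listener` and object NAT `nat (...) static interface service tcp`, and the sample configuration, object names and finding labels are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the guide).
SAMPLE = """\
aaa authentication listener http inside port 8080 redirect
aaa authentication listener https outside redirect
object network WEB-SRV
 host 10.1.1.5
 nat (dmz,outside) static interface service tcp https https
object network MAIL-SRV
 host 10.1.1.6
 nat (dmz,outside) static interface service tcp 25 25
"""

PORT_NAMES = {"www": 80, "http": 80, "https": 443}   # assumed subset of ASA port names
DEFAULT_PORT = {"http": 80, "https": 443}            # listener defaults given in Step 5

LISTENER_RE = re.compile(
    r"^aaa authentication listener (https?) (\S+)(?: port (\S+))?( redirect)?$")
# Static PAT that translates the mapped interface's own IP address (assumed object NAT form).
PAT_RE = re.compile(r"^nat \(\S+?,(\S+?)\) static interface service tcp \S+ (\S+)")

def port_number(token):
    """Resolve a numeric port or a known port name; None if unrecognised."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token)

def audit(config):
    """Return sorted (finding, interface, port) tuples for AAA listeners in config."""
    listeners, pats = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        m = LISTENER_RE.match(line)
        if m:
            proto, ifc, port, redirect = m.groups()
            number = port_number(port) if port else DEFAULT_PORT[proto]
            listeners.append((proto, ifc, number, bool(redirect)))
        m = PAT_RE.match(line)
        if m:   # record (mapped interface, mapped port) of each static PAT rule
            pats.add((m.group(1), port_number(m.group(2))))
    findings = []
    for proto, ifc, port, redirect in listeners:
        if proto == "http":   # credentials reach the appliance in clear text
            findings.append(("cleartext-http-listener", ifc, port))
        if redirect and (ifc, port) in pats:   # NAT succeeds, authentication fails
            findings.append(("redirect-static-pat-conflict", ifc, port))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Twice NAT rules and the older `static` command are outside what this check parses, so a clean result covers object NAT static PAT only.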

This manual is also suitable for:

Asa 5510, Asa 5540, Asa 5520, Asa 5550, Asa 5580
