Cisco ASA Series CLI Configuration Manual page 1039

Software version 9.0 for the services module

Chapter 1 Configuring AAA Rules for Network Access
Configuring Authentication for Network Access

Authenticating Directly with the ASA
If you do not want to allow HTTP, HTTPS, Telnet, or FTP through the ASA but want to authenticate other types of traffic, you can authenticate with the ASA directly using HTTP, HTTPS, or Telnet.
This section includes the following topics:
Authenticating HTTP(S) Connections with a Virtual Server, page 1-11
Authenticating Telnet Connections with a Virtual Server, page 1-12

Authenticating HTTP(S) Connections with a Virtual Server
If you enabled the redirection method of HTTP and HTTPS authentication in the "Configuring Network Access Authentication" section on page 1-7, then you have also automatically enabled direct authentication.
When you use HTTP authentication on the ASA (see the "Configuring Network Access Authentication" section on page 1-7), the ASA uses basic HTTP authentication by default.
To continue to use basic HTTP authentication, and to enable direct authentication for HTTP and HTTPS, enter the following command:

Command
aaa authentication listener http[s] interface_name [port portnum] redirect

Example:
hostname(config)# aaa authentication listener http inside redirect

Purpose
(Optional) Enables the redirection method of authentication for HTTP or HTTPS connections.
The interface_name argument is the interface on which you want to enable listening ports. The port portnum argument specifies the port number on which the ASA listens; the defaults are 80 (HTTP) and 443 (HTTPS).
You can use any port number and retain the same functionality, but be sure your direct authentication users know the port number; redirected traffic is sent to the correct port number automatically, but direct authenticators must specify the port number manually.
Enter this command separately for HTTP and for HTTPS.

If the destination HTTP server requires authentication in addition to the ASA, then to authenticate separately with the ASA (via a AAA server) and with the HTTP server, enter the following command:
nat (inside,outside) static 10.132.16.200 service tcp 443 443

Cisco ASA Series CLI Configuration Guide 1-11
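
A configuration check for the aaa authentication listener command described above, as an added example that is not part of the Cisco guide: it parses listener lines using the syntax and default ports given on this page, then reports listeners on non-default ports (which direct-authentication users must type manually) and interfaces that have an HTTP listener but no HTTPS one. The sample configuration, the "dmz" interface, the port values and the function names are constructed for illustration.

```python
import re

# Syntax on this page: aaa authentication listener http[s] interface_name [port portnum] redirect
# Assumption: a trailing "redirect" is accepted but not required by this parser.
LISTENER_RE = re.compile(
    r"^\s*aaa authentication listener (https?) (\S+)(?: port (\d+))?(?: redirect)?\s*$"
)
DEFAULT_PORT = {"http": 80, "https": 443}  # defaults stated on this page

def parse_listeners(config_text):
    """Return (proto, interface, effective_port) for every listener line."""
    found = []
    for line in config_text.splitlines():
        m = LISTENER_RE.match(line)
        if m:
            proto, iface, port = m.groups()
            found.append((proto, iface, int(port) if port else DEFAULT_PORT[proto]))
    return found

def audit(listeners):
    """Return review findings as strings."""
    findings, protos_by_iface = [], {}
    for proto, iface, port in listeners:
        protos_by_iface.setdefault(iface, set()).add(proto)
        if port != DEFAULT_PORT[proto]:
            # Redirected traffic finds the port automatically; direct users do not.
            findings.append(f"{iface}: {proto} listener on port {port}; "
                            "direct-authentication users must enter it manually")
    for iface, protos in sorted(protos_by_iface.items()):
        if protos == {"http"}:
            # Basic HTTP authentication over plain HTTP is not encrypted in transit.
            findings.append(f"{iface}: HTTP listener only; credentials sent to it "
                            "are not protected by TLS")
    return findings

# Constructed sample configuration; interface "dmz" and the ports are made up.
SAMPLE = """\
aaa authentication listener http inside redirect
aaa authentication listener https dmz port 8443 redirect
aaa authentication listener http dmz port 8080 redirect
"""

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE)):
        print(finding)
```
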
