Cisco ASA 5525-X Adaptive Security Appliance Troubleshooting Guide

access-list authmatch permit tcp any any eq 80
aaa authentication match authmatch inside LOCAL
Note that this solution works because HTTP is a protocol in which the ASA can inject authentication. The
ASA intercepts HTTP traffic and authenticates it via HTTP authentication. Because the authentication is
injected inline, an HTTP authentication dialog box appears in the web browser as shown in this image:
Direct Authentication
Direct authentication was previously configured with the aaa authentication include and virtual <protocol>
commands. Now, the aaa authentication match and aaa authentication listener commands are used.
For protocols that do not support authentication natively (that is, protocols that cannot have an authentication
challenge inline), direct ASA authentication can be configured. By default, the ASA does not listen for
authentication requests. A listener can be configured on a particular port and interface with the aaa
authentication listener command.
Here is a configuration example that allows TCP/3389 traffic through the ASA once a host has been
authenticated:
username cisco password cisco privilege 15
access-list authmatch permit tcp any any eq 3389
access-list authmatch permit tcp any host 10.245.112.1 eq 5555
aaa authentication match authmatch inside LOCAL
aaa authentication listener http inside port 5555
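
The following Python check is an added example, not part of the Cisco guide. It audits a direct-authentication configuration like the one above for a cleartext http listener, a listener port that no aaa authentication match ACL on that interface covers, and a local user whose password equals the username. The function name, the finding strings and the rule that the listener port must appear in the match ACL (inferred from the example above) are assumptions; the https listener keyword and the 80/443 default ports are ASA behaviour not shown on this page.

```python
import re

# Constructed sample: the direct-authentication config from this page.
SAMPLE_CONFIG = """\
username cisco password cisco privilege 15
access-list authmatch permit tcp any any eq 3389
access-list authmatch permit tcp any host 10.245.112.1 eq 5555
aaa authentication match authmatch inside LOCAL
aaa authentication listener http inside port 5555
"""

def audit_direct_auth(config):
    """Return findings for ASA direct-authentication settings (hypothetical helper)."""
    acl_ports = {}    # ACL name -> numeric TCP destination ports it permits
    match_acls = {}   # interface -> ACL names bound by 'aaa authentication match'
    listeners = []    # (scheme, interface, port)
    findings = []
    for raw in config.splitlines():
        line = raw.strip().replace("\u2212", "-")  # tolerate scraped minus signs
        # Only numeric 'eq <port>' entries are parsed; named ports are skipped.
        if m := re.match(r"access-list (\S+) permit tcp .* eq (\d+)$", line):
            acl_ports.setdefault(m[1], set()).add(int(m[2]))
        elif m := re.match(r"aaa authentication match (\S+) (\S+) \S+$", line):
            match_acls.setdefault(m[2], set()).add(m[1])
        elif m := re.match(r"aaa authentication listener (https?) (\S+)(?: port (\d+))?", line):
            default = 80 if m[1] == "http" else 443  # ASA listener defaults
            listeners.append((m[1], m[2], int(m[3]) if m[3] else default))
        elif m := re.match(r"username (\S+) password (\S+)", line):
            if m[1] == m[2]:
                findings.append(f"user {m[1]}: password equals username")
    for scheme, iface, port in listeners:
        if scheme == "http":
            findings.append(f"listener {iface}:{port}: credentials sent over cleartext HTTP")
        covered = any(port in acl_ports.get(a, ()) for a in match_acls.get(iface, ()))
        if not covered:
            findings.append(f"listener {iface}:{port}: port not in any match ACL on {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit_direct_auth(SAMPLE_CONFIG):
        print(finding)
```

Run it against a candidate configuration as typed; in a saved running-config the local password is stored hashed, so the username/password comparison only applies before the configuration is entered.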