Cut through proxy authentication on Cisco ASA firewall

by Ras 30. November 2011 20:49

Below is a sample cut-through proxy configuration for HTTP and Telnet on a Cisco ASA firewall.

With cut-through proxy, every user must be authenticated before their traffic can pass through the firewall. This example uses RADIUS authentication (the server IP address is 10.1.1.1).


!## Specify the AAA authentication protocol and server
ASA/pri(config)# aaa-server AuthInbound protocol radius
ASA/pri(config-aaa-server-group)# exit
ASA/pri(config)# aaa-server AuthInbound (inside) host 10.1.1.1
ASA/pri(config-aaa-server-host)# key 123
ASA/pri(config-aaa-server-host)# exit

 

!## Create the interested traffic for cut through proxy
ASA/pri(config)# access-list PROXY_AUTH extended permit tcp any any eq telnet
ASA/pri(config)# access-list PROXY_AUTH extended permit tcp any any eq www

 

!## Specify authentication for interested traffic
ASA/pri(config)# aaa authentication match PROXY_AUTH outside AuthInbound

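A verification and hardening pass for the configuration above, as an added example that is not part of the original post. It assumes the AuthInbound server group and PROXY_AUTH access list defined above; the account testuser/testpass and the timeout value are placeholders.

```cisco
!## Added example: confirm the ASA can authenticate against the RADIUS server
!## (testuser / testpass are placeholders for an existing RADIUS account)
ASA/pri# test aaa-server authentication AuthInbound host 10.1.1.1 username testuser password testpass
ASA/pri# show aaa-server AuthInbound

!## Exchange HTTP cut-through credentials with the ASA over HTTPS
!## instead of sending them in cleartext
ASA/pri(config)# aaa authentication secure-http-client

!## Limit how long an authenticated user stays cached (example value)
ASA/pri(config)# timeout uauth 0:05:00 absolute

!## After a client has authenticated, check the cached users
!## and the hit counts on the interesting-traffic ACL
ASA/pri# show uauth
ASA/pri# show access-list PROXY_AUTH

!## Drop all cached authentications to force re-authentication
ASA/pri# clear uauth
```

Telnet logins through the proxy still cross the network in cleartext, and the sample RADIUS key 123 should be replaced with a long random shared secret on a production firewall.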


About the author

Ras is a network/security professional working in multiple areas, with multiple certificates such as CCNP, CCIP, CCSP, CCSA, CCSE, LPI, PM, IPv6, ...
