3

The Cisco ASA has a feature where a blocked HTTP request can be redirected to a web page hosted on the ASA itself in order to allow the web user to authenticate himself to the ASA and unblock the request. This is configured with the aaa authentication listener http <interface> redirect command documented in Configuring AAA for Network Access.

The page that the user is redirected to is generic and ugly. Is there any way to get that page to appear different? Things I can imagine include a template on the ASA that can be modified, a way to embed that page inside another web page, or some sort of CSS insertion. However, I'm open to anything.

Alternately, if anyone knows of a more configurable way to achieve the same goal of blocking network access to a web page prior to authentication, I'd be happy to consider that, too.

wfaulk

1 Answer

1

As far as I know, this is not possible on ASA, but for what it's worth, it is on IOS.

If your users are in Active Directory then you could consider using Identity Firewall instead (and optionally still use Cut-through Proxy Authentication for non-AD users). In this case you specify in your ACL which users can access which resources, e.g.

access-list identity-list1 permit ip user SAMPLE\user1 any any

And so when user1 logs in to her PC, she will transparently have access to anything, without the need to authenticate a second time to the ASA.

hertitu