ASA Cut-Through Proxy Authentication Option 5

I just completed Option 4 of this task, and I was stuck for a while because I was simply getting a 404 not found error.

It turns out, that you have to go to http://137.1.17.17:4444/netaccess/connstatus.html

I assumed the proxy would work if I just opened any connection to port 4444…  This isn't explicitly spelled out in the workbook.

In case anyone is interested, here is the portion that explains this in the the DOC-CD:

You can authenticate directly with the ASA at the following URLs when you enable AAA for the interface:

http://interface_ip[:port]/netaccess/connstatus.html
https://interface_ip[:port]/netaccess/connstatus.html

Without virtual HTTP, the same username and password that you used to authenticate with the ASA are sent to the HTTP server; you are not prompted separately for the HTTP server username and password. Assuming the username and password are not the same for the AAA and HTTP servers, then the HTTP authentication fails.


-Dan


Comments

  • Did you read the overview part of this lab?
    Is written in there.
    Regards,
    Cristian.

    Sent from my iPhone

    On Sep 27, 2013, at 17:18, artagel <[email protected]> wrote:

    I just completed Option 4 of this task, and I was stuck for a while because I was simply getting a 404 not found error.

    It turns out, that you have to go to http://137.1.17.17:4444/netaccess/connstatus.html

    I assumed the proxy would work if I just opened any connection to port 4444…  This isn't explicitly spelled out in the workbook.

    In case anyone is interested, here is the portion that explains this in the the DOC-CD:

    You can authenticate directly with the ASA at the following URLs when you enable AAA for the interface:

    http://interface_ip[:port]/netaccess/connstatus.html
    https://interface_ip[:port]/netaccess/connstatus.html

    Without virtual HTTP, the same username and password that you used to authenticate with the ASA are sent to the HTTP server; you are not prompted separately for the HTTP server username and password. Assuming the username and password are not the same for the AAA and HTTP servers, then the HTTP authentication fails.


    -Dan





    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
Sign In or Register to comment.