Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 38 Configuring AAA Rules for Network Access
Configuring Authentication for Network Access
Authenticating HTTP(S) Connections with a Virtual Server
If you enabled the redirection method of HTTP and HTTPS authentication in the “Configuring Network
Access Authentication” section on page 38-4, then you have also automatically enabled direct
authentication.
When you use HTTP authentication on the ASA (see the “Configuring Network Access Authentication”
section on page 38-4), the ASA uses basic HTTP authentication by default.
To continue to use basic HTTP authentication, and to enable direct authentication for HTTP and HTTPS,
enter the following command:
If the destination HTTP server requires authentication in addition to the ASA, then to authenticate
separately with the ASA (via a AAA server) and with the HTTP server, enter the following command:
Command:
  aaa authentication listener http[s] interface_name [port portnum] redirect

Example:
  hostname(config)# aaa authentication listener http inside redirect

Purpose:
  (Optional) Enables the redirection method of authentication for HTTP or
  HTTPS connections.

  The interface_name argument is the interface on which you want to enable
  listening ports. The port portnum argument specifies the port number on
  which the ASA listens; the defaults are 80 (HTTP) and 443 (HTTPS).

  You can use any port number and retain the same functionality, but be sure
  your direct authentication users know the port number; redirected traffic
  is sent to the correct port number automatically, but direct authenticators
  must specify the port number manually.

  Enter this command separately for HTTP and for HTTPS.
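
The following audit script is an added example, not part of the Cisco guide: it parses listener lines from saved configuration text and reports the two caveats described above (a non-default port that direct authentication users must enter manually, and an interface where the command was entered for only one protocol). The sample configuration is constructed, the function names are hypothetical, and the script assumes the redirect keyword may be absent from a listener line.

```python
import re

# Syntax from the guide:
#   aaa authentication listener http[s] interface_name [port portnum] redirect
LISTENER_RE = re.compile(
    r"^aaa authentication listener (https?) (\S+)(?: port (\d+))?( redirect)?\s*$"
)
DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults stated in the guide

# Constructed sample configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication listener http inside redirect
aaa authentication listener https inside port 8443 redirect
aaa authentication listener http dmz port 8080 redirect
"""

def parse_listeners(config_text):
    """Return one dict per listener line found in the configuration text."""
    listeners = []
    for line in config_text.splitlines():
        m = LISTENER_RE.match(line.strip())
        if not m:
            continue
        proto, iface, port, redirect = m.groups()
        listeners.append({
            "protocol": proto,
            "interface": iface,
            "port": int(port) if port else DEFAULT_PORTS[proto],
            "redirect": redirect is not None,  # assumption: keyword may be absent
        })
    return listeners

def audit_listeners(listeners):
    """Return findings tied to the caveats in the command description."""
    findings, by_iface = [], {}
    for entry in listeners:
        by_iface.setdefault(entry["interface"], set()).add(entry["protocol"])
        if entry["port"] != DEFAULT_PORTS[entry["protocol"]]:
            findings.append(
                f"{entry['interface']}: {entry['protocol']} listener on non-default "
                f"port {entry['port']}; direct authentication users must enter it manually"
            )
    for iface, protos in sorted(by_iface.items()):
        for missing in sorted(set(DEFAULT_PORTS) - protos):
            findings.append(f"{iface}: no {missing} listener configured")
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(parse_listeners(SAMPLE_CONFIG)):
        print(finding)
```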