Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 41 Configuring AAA Rules for Network Access
Configuring Authentication for Network Access
Step 4 From the AAA Server Group drop-down list, choose a server group. To add a AAA server to the server
group, click Add Server. See the “Testing Server Authentication and Authorization” section on
page 38-29 for more information.
If you chose LOCAL for the AAA server group, you can optionally add a new user by clicking Add User.
See the “Adding a User Account to the Local Database” section on page 38-22 for more information.
Step 5 In the Source field, add the source IP address, or click the ellipsis (...) to choose an IP address already
defined in ASDM.
Step 6 In the Destination field, enter the destination IP address, or click the ellipsis (...) to choose an IP address
already defined in ASDM.
Step 7 In the Service field, enter an IP service name or number for the destination service, or click the ellipsis
(...) to choose a service.
Step 8 (Optional) In the Description field, enter a description.
Step 9 (Optional) Click More Options to do any of the following:
• To specify a source service for TCP or UDP, enter a TCP or UDP service in the Source Service field.
  The destination service and source service must be the same. Copy and paste the destination Service
  field to the Source Service field.
• To make the rule inactive, clear the Enable Rule check box.
  You may not want to remove a rule, but instead turn it off.
• To set a time range for the rule, from the Time Range drop-down list, choose an existing time range.
  To add a new time range, click the ellipsis (...). For more information, see the “Configuring Time
  Ranges” section on page 20-15.
Step 10 Click OK.
The Add Authentication Rule dialog box closes and the rule appears in the AAA Rules table.
Step 11 Click Apply.
The changes are saved to the running configuration.
For more information about authentication, see the “Information About Authentication” section on
page 41-2.
Enabling the Redirection Method of Authentication for HTTP and HTTPS
This method of authentication enables HTTP(S) listening ports to authenticate network users. When you
enable a listening port, the ASA serves an authentication page for direct connections and, by enabling
redirection, for through traffic. This method also prevents the authentication credentials from continuing
to the destination server. See the “ASA Authentication Prompts” section on page 41-3 for more
information about the redirection method compared to the basic method.
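As an added example (not taken from the Cisco guide), the following shows roughly equivalent ASA CLI for an authentication rule like the one built in the preceding steps, together with the redirect listeners this section describes. The names AUTH_MATCH, AuthOutbound and WORK_HOURS, the inside interface, the RADIUS protocol choice, and all addresses are assumed placeholders.

```cisco
! Constructed example: every name, address and interface below is a placeholder.
!
! AAA server group selected in the rule (assumed here to be a RADIUS group)
aaa-server AuthOutbound protocol radius
aaa-server AuthOutbound (inside) host 10.1.1.5
 key <shared-secret>
!
! Optional time range attached to the rule under More Options
time-range WORK_HOURS
 periodic weekdays 8:00 to 18:00
!
! Source, destination and service of the rule. Each permit entry marks
! traffic that must authenticate before it is allowed through.
access-list AUTH_MATCH extended permit tcp 10.1.1.0 255.255.255.0 any eq www time-range WORK_HOURS
access-list AUTH_MATCH extended permit tcp 10.1.1.0 255.255.255.0 any eq https time-range WORK_HOURS
!
! A rule with Enable Rule cleared stays in the configuration, marked inactive
access-list AUTH_MATCH extended permit tcp 10.1.1.0 255.255.255.0 any eq ftp inactive
!
! Bind the match criteria to the interface and the server group
aaa authentication match AUTH_MATCH inside AuthOutbound
!
! Listening ports for the authentication page. Without the redirect keyword
! the listener serves only direct connections to the ASA; with it, through
! traffic that matches the rule is redirected to the ASA-served page, so the
! credentials do not continue to the destination server.
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port https redirect
```

When auditing a running configuration, an `aaa authentication match` line for HTTP or HTTPS traffic with no corresponding `listener ... redirect` line on the same interface indicates that the redirection method is not in use for that traffic.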
To enable a AAA listener, perform the following steps:
Step 1 From the Configuration > Firewall > AAA Rules pane, click Advanced.
The AAA Rules Advanced Options dialog box appears.
Step 2 Under Interactive Authentication, click Add.
The Add Interactive Authentication Entry dialog box appears.