programming4us

Identity on Cisco Firewalls : ASA User-Level Control with Cut-Through Proxy (part 2) - Simple Cut-Through Proxy

2/20/2015 1:10:54 AM
Scenario 1: Simple Cut-Through Proxy (No Authorization)

Example 2 shows Cut-Through Proxy operating on an HTTP connection, using the configuration from Example 1. Authorization is covered starting with Scenario 2.

Note

For the examples covered in this article, “user1” and “user2”, which belong to groups “GROUP1” and “GROUP2” on CS-ACS respectively, are always the reference usernames.


Example 2. HTTP Connection Is Intercepted by Cut-Through Proxy
! HTTP to 172.16.200.200 is intercepted by Cut-Through Proxy (first prompt appears)
%ASA-6-302013: Built outbound TCP connection 26 for outside:172.16.200.200/80 (172.16.200.200/80) to dmz:172.21.21.101/1148 (172.21.21.101/1148)
%ASA-6-109001: Auth start for user '???' from 172.21.21.101/1148 to 172.16.200.200/80
!
! User enters credentials and ASA sends them to the RADIUS server (UDP/1812)
%ASA-6-302015: Built outbound UDP connection 27 for dmz:172.21.21.250/1812 (172.21.21.250/1812) to identity:172.16.201.2/1025 (172.16.201.2/1025)
%ASA-6-113004: AAA user authentication Successful : server = 172.21.21.250 : user =user1
%ASA-7-734003: DAP: User user1, Addr 172.21.21.101: Session Attribute aaa.radius["25"]["1"] = CACS:0/13e/ac10c902/4
%ASA-7-734003: DAP: User user1, Addr 172.21.21.101: Session Attribute aaa.cisco.grouppolicy = DfltGrpPolicy
%ASA-7-734003: DAP: User user1, Addr 172.21.21.101: Session Attribute aaa.cisco.username = user1
%ASA-6-734001: DAP: User user1, Addr 172.21.21.101, Connection Cut-Through-Proxy: The following DAP records were selected for this connection: DfltAccessPolicy
%ASA-2-109011: Authen Session Start: user 'user1', sid 4
%ASA-6-109005: Authentication succeeded for user 'user1' from 172.21.21.101/1148 to 172.16.200.200/80 on interface dmz
!
! ASA starts RADIUS Accounting connection (UDP/1813)
%ASA-6-302015: Built outbound UDP connection 28 for dmz:172.21.21.250/1813 (172.21.21.250/1813) to identity:172.16.201.2/1026 (172.16.201.2/1026)
%ASA-6-113004: AAA user accounting Successful : server = 172.21.21.250 : user = user1
!
! Displaying the authenticated users
ASA1# show uauth
                        Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'user1' at 172.21.21.101, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
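The message sequence in Example 2 can be correlated per user to confirm that every Cut-Through Proxy authentication also produced a RADIUS accounting record. The following is an added example, not part of the original article: the function names are hypothetical, the message formats are taken from Example 2, and the "user2" line (with its source address) is constructed to show a session that has no accounting entry.

```python
import re

# Constructed sample: identity-related messages from Example 2, plus one
# invented 109005 line for "user2" whose accounting record never arrives.
SAMPLE = """\
%ASA-6-109001: Auth start for user '???' from 172.21.21.101/1148 to 172.16.200.200/80
%ASA-6-113004: AAA user authentication Successful : server = 172.21.21.250 : user =user1
%ASA-2-109011: Authen Session Start: user 'user1', sid 4
%ASA-6-109005: Authentication succeeded for user 'user1' from 172.21.21.101/1148 to 172.16.200.200/80 on interface dmz
%ASA-6-113004: AAA user accounting Successful : server = 172.21.21.250 : user = user1
%ASA-6-109005: Authentication succeeded for user 'user2' from 172.21.21.102/1200 to 172.16.200.200/80 on interface dmz
""".splitlines()

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
# The space after "user =" is optional because Example 2 shows both spellings.
AAA = re.compile(r"AAA user (authentication|accounting) Successful : server = (\S+) : user = ?(\S+)")
SID = re.compile(r"Authen Session Start: user '([^']+)', sid (\d+)")
OK = re.compile(r"Authentication succeeded for user '([^']+)' from (\S+) to (\S+) on interface (\S+)")

def correlate(lines):
    """Group Cut-Through Proxy events by username (109001 carries no name yet)."""
    sessions = {}
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue
        msg_id, text = m.groups()
        if msg_id == "113004" and (a := AAA.search(text)):
            kind, server, user = a.groups()
            sessions.setdefault(user, {})["aaa_" + kind] = server
        elif msg_id == "109011" and (a := SID.search(text)):
            sessions.setdefault(a[1], {})["sid"] = int(a[2])
        elif msg_id == "109005" and (a := OK.search(text)):
            sessions.setdefault(a[1], {}).update(src=a[2], dst=a[3], interface=a[4])
    return sessions

def missing_accounting(sessions):
    """Users the ASA let through (109005) with no accounting success logged."""
    return sorted(u for u, s in sessions.items()
                  if "src" in s and "aaa_accounting" not in s)

if __name__ == "__main__":
    result = correlate(SAMPLE)
    for user, fields in result.items():
        print(user, fields)
    print("no accounting record:", missing_accounting(result))
```
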


Figure 3 presents a sample RADIUS accounting record in CS-ACS. In this particular example, you can see in the “cisco-av-pair” column that both HTTP and HTTPS activities are registered.

Figure 3. Example of RADIUS Accounting Session on CS-ACS (Reports and Activity)
