Cut Through Proxy Configuration
Before you start
Configuration of CTP
If you are new to cut-through proxy, you should first learn the basics of CTP.
![http:www.learn-networking.in](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5x_gncHk_88MSAXyTmTxxtOg-LjaQKSJDjoZW-07aHXfuUR8vjx7wTcqha6DOh0R3H2gyl4N99rCBl9d3mjwCCMK5J0IYWInDa9ldQxtoKtshnlG5VHGyEiYwaXptDYTjFg8zaZ-GHfDC/s320/cut_main.png)
Configure ASA interface & CTP:
Configure Inside Interface :
configure terminal
interface GigabitEthernet 0/0
no shutdown
ip address 192.168.1.100
nameif inside
security-level 100
Configure Outside Interface :
configure terminal
interface GigabitEthernet 0/1
no shutdown
ip address 12.1.1.1
nameif outside
security-level 0
Configure DHCP for Inside Network :
dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd enable inside
Now configure some users in the Cisco ASA local database:
username vikash password vicky privilege 15
Now match the protocols for which you want to enable CTP:
access-list match_list extended permit tcp any any eq 80
access-list match_list extended permit tcp any any eq 443
Now reference this access list in the AAA command:
aaa authentication match match_list inside LOCAL
Apply this whole configuration on the Cisco ASA. Users must then authenticate before accessing any service that uses TCP port 80 or 443.
![http://www.techccna.com](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdBfT2UMWPjX-QmtsGIulRqwlep9l764KWxmgeZCfsHRWRye87NAga_O-N8o0jfLsDLxHQn1bXJvvWM6J58_owCDLQ6bY9Ixeiq-3o7OmKdOKRwB0kyR1wJDwtX9tbVzl8o6lm0iZYwXjd/s1600/http.png)
Secure Connection using HTTPS
Also, if we want our clients to send their information in a secure manner, we have to make the authentication exchange use HTTPS instead of HTTP. This can be done using the following command:
aaa authentication secure-http-client
This changes the authentication process from HTTP to HTTPS, so the communication over this link is secure.
![http://www.techccna.com](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyTPC9-lUbpArpxwNvZkGY9LSL05wu3AcJf2P-KZKPI4PHyFCU6QwxCvymy6PY270f80RqZ2GGSN5cOlzIVRvJBa4AO23qT3tVqZVlTG5utKDWDs-KzGf9j_qADOVMfPFSmx87k_rVVAN2/s1600/firefox.png)
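To check a saved ASA configuration for the point made above, the following added example (not part of the original post and not a Cisco tool) audits the cut-through proxy lines and reports when HTTP authentication is enabled without `aaa authentication secure-http-client`. The function name `audit_ctp` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the CTP lines from this page, without the
# secure-http-client command, so the audit has something to report.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 security-level 100
access-list match_list extended permit tcp any any eq 80
access-list match_list extended permit tcp any any eq 443
aaa authentication match match_list inside LOCAL
"""

def audit_ctp(config: str) -> list[str]:
    """Return findings for the cut-through proxy lines in an ASA config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    nameifs = {m.group(1) for ln in lines if (m := re.fullmatch(r"nameif (\S+)", ln))}
    # ACL name -> destination ports taken from "permit tcp ... eq <port>" entries
    acl_ports: dict[str, set[str]] = {}
    for ln in lines:
        m = re.fullmatch(r"access-list (\S+) extended permit tcp .* eq (\S+)", ln)
        if m:
            acl_ports.setdefault(m.group(1), set()).add(m.group(2))
    secure = "aaa authentication secure-http-client" in lines
    rules = [m for ln in lines
             if (m := re.fullmatch(r"aaa authentication match (\S+) (\S+) (\S+)", ln))]
    findings = []
    if not rules:
        findings.append("no 'aaa authentication match' rule: CTP is not enabled")
    for rule in rules:
        acl, iface, _server = rule.groups()
        if acl not in acl_ports:
            findings.append(f"ACL '{acl}' is referenced but has no permit tcp entries")
        if iface not in nameifs:
            findings.append(f"interface name '{iface}' is not defined by any nameif")
        # The ASA displays port 80 as 'www' in the running configuration.
        if acl_ports.get(acl, set()) & {"80", "www"} and not secure:
            findings.append(f"ACL '{acl}' triggers authentication on HTTP and "
                            "secure-http-client is missing: credentials are sent "
                            "in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit_ctp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against the output of `show running-config` saved to a file by passing the file contents to `audit_ctp`; an empty list means none of these checks fired.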