Cut Through Proxy Configuration
Before you start
Configuration of CTP
If you are new to cut-through proxy, you need to know the basics of CTP first.
Configure ASA interface & CTP:
Configure Inside Interface:
configure terminal
interface GigabitEthernet 0/0
no shutdown
ip address 192.168.1.100
nameif inside
security-level 100
Configure Outside Interface:
configure terminal
interface GigabitEthernet 0/1
no shutdown
ip address 12.1.1.1
nameif outside
security-level 0
Configure DHCP for Inside Network:
dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd enable inside
Now configure some users in the Cisco ASA local database:
username vikash password vicky privilege 15
Now match the protocols for which you want to enable CTP:
access-list match_list extended permit tcp any any eq 80
access-list match_list extended permit tcp any any eq 443
Now reference this access list in the AAA command:
aaa authentication match match_list inside LOCAL
Apply this whole configuration on the Cisco ASA. Users must then authenticate before accessing any service that uses TCP port 80 or 443.
Secure Connection using HTTPS
Also, if we want our clients to send their credentials in a secure manner, we have to make the authentication exchange use HTTPS instead of HTTP. This can be done using the following command:
aaa authentication secure-http-client
This will change the authentication process from HTTP to HTTPS, so our communication over this link is secure.
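A way to check a saved ASA configuration for the points above, as an added example that is not part of the original post. The function name audit_ctp is hypothetical, and the sample configuration is constructed from the commands shown on this page.

```python
import re

# Constructed sample: the commands from this page, before
# "aaa authentication secure-http-client" is added.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
 nameif inside
 security-level 100
interface GigabitEthernet 0/1
 nameif outside
 security-level 0
username vikash password vicky privilege 15
access-list match_list extended permit tcp any any eq 80
access-list match_list extended permit tcp any any eq 443
aaa authentication match match_list inside LOCAL
"""

def audit_ctp(config):
    """Return findings for the cut-through proxy rules (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    nameifs = {l.split()[1] for l in lines if l.startswith("nameif ")}
    has_user = any(l.startswith("username ") for l in lines)
    secure = "aaa authentication secure-http-client" in lines
    acl_ports = {}  # ACL name -> set of TCP ports it matches
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit tcp .* eq (\S+)$", l)
        if m:
            acl_ports.setdefault(m.group(1), set()).add(m.group(2))
    rules = [m.groups() for m in
             (re.match(r"aaa authentication match (\S+) (\S+) (\S+)$", l) for l in lines) if m]
    findings = []
    if not rules:
        findings.append("no 'aaa authentication match' rule: CTP is not enabled")
    for acl, ifname, server in rules:
        if acl not in acl_ports:
            findings.append(f"rule references undefined access-list '{acl}'")
        if ifname not in nameifs:
            findings.append(f"rule references undefined interface '{ifname}'")
        if server == "LOCAL" and not has_user:
            findings.append("rule uses LOCAL but no local username is defined")
        # A running-config may show port 80 as "www".
        if acl_ports.get(acl, set()) & {"80", "www"} and not secure:
            findings.append(f"'{acl}' triggers on HTTP without secure-http-client: "
                            "login is exchanged over HTTP, not HTTPS")
    return findings

if __name__ == "__main__":
    for finding in audit_ctp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```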