problem with cut-through proxy on asa

From: sebastan bach (sebastan.bach@gmail.com)
Date: Wed Jun 20 2007 - 20:07:13 ART


Hi, I am configuring cut-through proxy on the ASA with the ACS server.

My host is on the inside and is trying to access the web server, which is in
the DMZ.

The question is: when we do cut-through proxy in routers, on the incoming
interface where the host and ACS server reside we configure an access-list
permitting only TACACS traffic from the ACS server to the router's
interface. Once the user gets authenticated, then his ACL gets downloaded
from the ACS server and he gets access.

But here on the ASA, if I put an ACL the same way, the ASA doesn't ask for
authentication. Without the ACL the host is prompted for authentication.

But without the ACL the host is anyway able to send other kinds of traffic
which are not authenticated, like ping. How can I control this behaviour?

Can someone pls help me on this?

regards

sebastan


