5-5. Configuring AAA for End-User Cut-Through Proxy

A firewall can be configured to require users to authenticate before connections are permitted. As soon as an authentication is successful, it is cached and used to permit subsequent connections from the same user.

The firewall functions as an authentication proxy, because cached authentication information is used in place of repeated authentication credentials entered by the user. Connections simply “cut through” the firewall in a very efficient fashion.

Devices that initiate connections but can't participate in authentication (Cisco IP phones, for example) can be exempted from AAA and allowed to pass through the firewall.
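The behavior described above, sketched as an ASA configuration fragment. This is an added example, not taken from the book: it assumes ASA 7.x or later command syntax, and the server group name, ACL name, addresses, key, MAC range, and timeout values are constructed placeholders.

```cisco
! Added example: all names, addresses, and values below are placeholders.

! AAA server group that validates the user's credentials
aaa-server AUTH_SERVERS protocol radius
aaa-server AUTH_SERVERS (inside) host 192.0.2.10
 key <shared-secret-placeholder>

! Traffic that must be authenticated before it is permitted.
! Keep this ACL narrow: only the first connection on a protocol the
! firewall can prompt on (HTTP, HTTPS, FTP, Telnet) triggers the prompt.
access-list CUT_THROUGH extended permit tcp any any eq www
access-list CUT_THROUGH extended permit tcp any any eq https

! Require authentication for matching connections arriving on "inside"
aaa authentication match CUT_THROUGH inside AUTH_SERVERS

! How long a successful authentication stays cached.
! A shorter lifetime reduces the window in which another host that
! takes over the same source address inherits the cached session.
timeout uauth 0:30:00 absolute
timeout uauth 0:05:00 inactivity

! Exempt devices that cannot authenticate (IP phones, for example).
! MAC addresses can be spoofed, so keep the match as narrow as possible.
! 0000.5e00.53xx is the documentation MAC range, used here as a stand-in.
mac-list 1 permit 0000.5e00.5300 ffff.ffff.ff00
aaa mac-exempt match 1
```

The cache is keyed to the source address rather than to the person, so the `timeout uauth` values and the breadth of the `mac-list` are the two settings that determine how much unauthenticated access the configuration leaves open.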

Authenticating Users Passing Through

You can use the following steps ...
