Auth-proxy does not work with 2611xm

Jun 10th, 2007

Hi there,


I configured the HTTP auth-proxy on a Cisco router 2611XM (IOS 12.2 11T). The configuration is attached. Among them, 192.168.75.100 is the ACS server, 192.168.75.151 is the client machine, 192.168.75.11 is the router.

The issue is when I tried to http to 192.168.75.11 from the client, there's no aaa traffic between the router and ACS server (however, AAA works when I log in to the router).

It will be highly appreciated if anyone can give me some hints.



wjemail Tue, 06/12/2007 - 06:23

Hi,


Thanks for your help!

After I added the lines below:


ip http server
ip http authentication aaa


I could see the login window if I http to my router, however, the window was not like the one shown on the document you mentioned.


And, if I follow the instructions of the document to deny http to the router, I could not see any window and any aaa traffic. From the debug ip auth-proxy function, the output was as follows:


*Mar 1 00:41:49.108: AUTH-PROXY FUNC: auth_proxy_fast_path
*Mar 1 00:41:49.108: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 192.168.75.151, dstaddr - 192.168.75.11
ip-srcaddr 192.168.75.151
pak-srcaddr 192.168.75.1
*Mar 1 00:41:49.116: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
*Mar 1 00:41:49.116: AUTH-PROXY FUNC: auth_proxy_get_idbsb
*Mar 1 00:41:49.116: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
*Mar 1 00:41:49.120: AUTH-PROXY FUNC: auth_proxy_process_path
*Mar 1 00:41:49.120: SYN SEQ 2480389026 LEN 0
*Mar 1 00:41:49.124: dst_addr 3232254731 src_addr 3232254871 dst_port 80 src_port 1117
*Mar 1 00:41:49.124: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 192.168.75.151, dstaddr - 192.168.75.11
ip-srcaddr 192.168.75.151
pak-srcaddr 192.168.75.1

Any suggestion?

Premdeep Banga Tue, 06/12/2007 - 15:01

Hi,


You don't have to http to the router. You need to open some website across the router, like google.com or some other IP other than your router IP or something like that. Then that window will appear.



Regards,

Prem
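
Added example, not part of the original thread: a Python sketch that decodes the 32-bit integer dst_addr/src_addr values from the debug ip auth-proxy output quoted earlier into dotted-quad form and picks out flows addressed to the router itself, the case the reply above describes. The function names and the list of router addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the debug output quoted in this thread.
SAMPLE_DEBUG = """\
*Mar 1 00:41:49.120: AUTH-PROXY FUNC: auth_proxy_process_path
*Mar 1 00:41:49.120: SYN SEQ 2480389026 LEN 0
*Mar 1 00:41:49.124: dst_addr 3232254731 src_addr 3232254871 dst_port 80 src_port 1117
"""

# Matches the flow line format seen in the quoted debug output.
FLOW_RE = re.compile(
    r"dst_addr (?P<dst>\d+) src_addr (?P<src>\d+) "
    r"dst_port (?P<dport>\d+) src_port (?P<sport>\d+)"
)


def parse_flows(debug_text):
    """Return one dict per flow line, with integer addresses as dotted quads."""
    flows = []
    for line in debug_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.IPv4Address(int(m["src"]))
            dst = ipaddress.IPv4Address(int(m["dst"]))
        except ipaddress.AddressValueError:
            continue  # value does not fit in 32 bits: skip the malformed line
        flows.append({"src": str(src), "dst": str(dst),
                      "sport": int(m["sport"]), "dport": int(m["dport"])})
    return flows


def flows_to_router(flows, router_addrs):
    """Flows whose destination is one of the router's own addresses."""
    own = {str(ipaddress.IPv4Address(a)) for a in router_addrs}
    return [f for f in flows if f["dst"] in own]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_DEBUG)
    for f in flows:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']}")
    # 192.168.75.11 is the router address given in the first post.
    for f in flows_to_router(flows, ["192.168.75.11"]):
        print("destined to the router itself:", f["dst"])
```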

wjemail Wed, 06/13/2007 - 07:52

Hi,


Thanks for your help!


I found an error in the sample configuration which blocked the isakmp traffic (UDP port 500). After correcting the configuration, auth-proxy now works.


Thanks again,


Jun Wang
