I'm trying to set up authentication using a PIX 525 for some of our web servers. In preparation, I'm testing it on a PIX 515. For testing purposes, I'm not using a RADIUS or TACACS server.
I've implemented the following commands:
aaa-server LOCAL protocol local
access-list authlist permit tcp any any eq www
aaa authentication match authlist outside LOCAL
When these commands are used, authentication works as advertised. When I change the access-list to:
access-list authlist permit tcp any host 192.168.1.2 eq www
where 192.168.1.2 is a webserver, authentication does not occur. (We want to require authentication for some web servers but not others.) I've tried variations of the command but none has worked. The PIX just passes all traffic.