07-31-2007 10:59 AM - edited 03-10-2019 03:18 PM
I'm trying to set up authentication using a PIX 525 for some of our web servers. In preparation, I'm testing it on a PIX 515. For testing purposes, I'm not using a RADIUS or TACACS server.
I've implemented the following commands:
aaa-server LOCAL protocol local
access-list authlist permit tcp any any eq www
aaa authentication match authlist outside LOCAL
When these commands are used, authentication works as advertised. When I change the access-list to:
access-list authlist permit tcp any host 192.168.1.2 eq www
where 192.168.1.2 is a webserver, authentication does not occur. (We want to require authentication for some web servers but not others.) I've tried variations of the command but none has worked. The PIX just passes all traffic.
Any ideas?
Noah
07-31-2007 04:20 PM
Hi,
What if you implement the access-list with the public IP of the web server?
Or
if you implement the same configuration on the inside interface, like
aaa authentication match authlist inside LOCAL
~Rohit
08-02-2007 10:12 AM
Hi,
The solution lies in where you are trying to access the server from, and where you have applied the authentication.
192.168.1.2 definitely doesn't appear to be a global IP (if you are not working in a test scenario).
"outside" in the authentication statement means that we want authentication to happen for all the traffic coming in on the outside interface.
A little topology detail will help.
Regards,
Prem
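To show why the host-specific entry from the question may never match when the rule is applied on the outside interface, as both replies point at, here is an added Python model of the "aaa authentication match" lookup (example code, not from the thread or from Cisco). It assumes a static translation of 192.168.1.2 to the placeholder address 203.0.113.10 and that an ACL on the outside interface is evaluated against the translated (global) destination while one on the inside interface sees the real address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed for this example: the web server 192.168.1.2 from the thread is
# assumed to be published with a static translation to 203.0.113.10 (an RFC 5737
# documentation address used as a placeholder, not an address from the thread).
STATIC_NAT = {"192.168.1.2": "203.0.113.10"}
PORT_NAMES = {"www": 80, "https": 443}

@dataclass
class Ace:
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port

def _parse_addr(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}"), i + 2

def parse_ace(line: str) -> Ace:
    """Parse one 'access-list NAME permit PROTO SRC DST [eq PORT]' line."""
    t = line.split()
    if t[0] != "access-list" or t[2] != "permit":
        raise ValueError(f"unsupported line: {line}")
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return Ace(t[3], src, dst, dport)

def auth_required(ace: Ace, src_ip: str, dst_real: str, dport: int, iface: str) -> bool:
    """Would 'aaa authentication match' fire for TCP src_ip -> dst_real:dport on iface?
    Assumption: the outside interface matches on the translated destination,
    the inside interface on the real one."""
    seen = STATIC_NAT.get(dst_real, dst_real) if iface == "outside" else dst_real
    return (ace.proto == "tcp"
            and ipaddress.ip_address(src_ip) in ace.src
            and ipaddress.ip_address(seen) in ace.dst
            and (ace.dport is None or ace.dport == dport))
```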