HTTPS inbound to PIX using authorization

Unanswered Question
Dec 14th, 2007
User Badges:

I have a private web server behind a PIX firewall. Is there a method of having the PIX require inbound authorization (UID and Password, credentials stored on an AAA server or in the local database), prior to allowing a connection to the protected web server ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
elparis Fri, 12/14/2007 - 06:07
User Badges:
  • Cisco Employee,

Sure, this is what authorization proxy is for. The documentation for this is pretty good and does a better job than what I could do here. The documentation is located here for recent versions of the PIX software:


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwaaa.html


Old software used "aaa authentication include". New software has moved to "aaa authentication match".


You must define your AAA server prior to the "aaa authentication xxxxxx" command since the aaa command references the AAA server.


Hope this helps.

Actions

This Discussion