Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
4
Replies

Secure web server access with 2851 router.

briley
Level 1
Level 1

‎12-20-2007 01:32 PM - edited ‎03-09-2019 07:41 PM

I would like to know if something like this is possible. If not can anyone offer any suggestions on how to do something similar? Here is the setup. I have two IP networks on different VLAN's. The VLAN's are connected to a 2851 which is doing the routing between the different networks and is also the default gateway. On one of these subnets is the data network 192.168.1.x and the other is a “server” network of 172.16.1.x that has an application the users will connect to. The application on the PC's uses a few different ports, about 10, which I am just going to allow access to those ports to the servers and deny everything else with an access list. The users also do administration work using HTTPS to this same web server. What I want to be able to do is deny HTTPS traffic to the server unless the users are authenticated somehow. I would like the user to open HTTPS://172.16.0.100 and the router intercept the URL string and prompt the user to authenticate. Then if the authentication is successful build an access list to allow the HTTPS traffic to the server. After an inactivity period the router would close the access to the server network. I would like the authentication to happen centrally using Radius and HTTPS. Does anyone have any suggestions?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎12-20-2007 01:46 PM

Hi

Have a look at this link which gives an example of how to get your router to do HTTPS authentication. You would need the IOS firewall feature set on your 2800 router.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080146562.html

HTH

Jon

0 Helpful

briley
Level 1
Level 1
In response to Jon Marshall

‎12-20-2007 01:58 PM

I have the firewall feature set on the router. I will give this a try.

0 Helpful

briley
Level 1
Level 1
In response to briley

‎12-20-2007 02:54 PM

I actually think Lock-and-Key Security (Dynamic Access Lists) is what I need but the only thing I don't like about it is that I need to put my username and password in via telnet. Is there anyway to do this via ssh or some other https session on the router?

0 Helpful

briley
Level 1
Level 1
In response to briley

‎12-21-2007 11:45 AM

Does anyone know of a way to configure the authentication to not use a telnet session? I can't use this if I have to use telnet for authentication.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents