×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX outbound user authentication

Unanswered Question
Sep 5th, 2003
User Badges:

PIX by default allow all the user behind the firewall to access Internet, Is they any way to configure PIX to force user to authenticate against PIX local username database ( Instead of TACACS+ and Radius), before accessing the Internet.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scoclayton Fri, 09/05/2003 - 08:04
User Badges:
  • Gold, 750 points or more

Hi,


Unfortuantely, the answer is no for using the local username database. I believe the only features that we can use the local database for is remote access like PPTP and IPSec client access. Tacacs and Radius are the only options for outbound authentication. Sorry. You may want to talk to your local Cisco account team about a feature request if this is something you need/want.


Scott

r.fang Fri, 09/05/2003 - 08:07
User Badges:

Scott,


Could local database work in junction with Virtual HTTP command to get it works???

Thanks

scoclayton Fri, 09/05/2003 - 08:24
User Badges:
  • Gold, 750 points or more

Actually, I think I mis-spoke earlier. After making the post, I went back and looked becuase I thoughtr I remembered something being added recently that changed this. Turns out, you can use the Local user database for cut through proxy authentication in later code (6.2 and above). Just specify LOCAL in the "group_tag" parameter. See the following - http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727


Sorry about that!


Scott

Actions

This Discussion