I have this internal web server protected by the PIX. Now I want the PIX to use AAA and ask for authentication when the user tries to connect to the firewall, which, by using a static, sends the request to the web server.
This is my code:
access-list from_outside extended permit icmp any any log
access-list from_outside extended permit tcp any host <mypublicip> eq 11070 log
access-list from_outside extended permit tcp any host <mypublicip> eq https log
access-list from_outside extended deny ip any any log
access-list acl_auth extended permit tcp any any eq https
aaa-server MYAAA protocol radius
aaa-server MYAAA (inside) host 22.214.171.124
aaa authentication ssh console MYAAA LOCAL
aaa authentication match acl_auth outside MYAAA
auth-prompt prompt Enter your user and pass!
auth-prompt accept YESSSSSSSSSSSSSSSSSSSSSSSSSsss
auth-prompt reject NOOOOOOOOOOOOOOOOOOOOOOo
Now when I try to connect to
I don't get any Internet Explorer popups, and in my PIX logs I see a line
%PIX-7-109014: uauth_lookup_net fail for get_np_flow_info()
On Cisco it says that I have to use authorization as well, but I don't understand why; I don't even get a popup to type my user/pass.
Also, I'm using FreeRADIUS on a Linux box. The authentication works, because to log into my Cisco I use AAA and I can log in with no problem there.
Any help would be appreciated.