Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Can't make PIX authenticate

I'm trying to configure a Cisco Pix 506E. I've added a static translation rule for IP. Then I've added an access rule to the inside network over one port I need to use. Everything is working Ok and I do connect through the Pix over such port. But, when I add an Authentication rule with the LOCAL server to make the Pix ask for a User Name and Password when accessing to a host in the inside network, the connection is not possible and I no user name and password is requiered ever.

Please help me. What should I do?


Re: Can't make PIX authenticate

I presume you are trying to use Cut-Through-Proxy feature on this pix, if this is the case is this a standard TCP port like HTTP, HTTPS or TELNET? These are the only ports that work with straight forward with the proper aaa setup. If you are using another service like RDP or so you would need to use Virtual configs like virtual telnet or virtual http check the link below:

Community Member

Re: Can't make PIX authenticate

Excuse me, may be I did not explain very well. What I want to do is to perform a Remote Desktop Connection from the Outside network to a specific hot in the inside network, and to specify who can access that host in that way in the LOCAL Pix database with user names and passwords. So, it happens that when I create the static translation rule and an access rule to give access on the Remote Desktop Port (3389), I do connect by Remote Desktop to the host in the inside network. But, when I add an Authentication Rule, I am not ever asked for the user name nor password and the connection is not possible any more. You told that this is not possible? I'm using PDM to configure the Pix.

Re: Can't make PIX authenticate

You did explain well, this feature is called Cut-Through-Proxy, and it is supported straigh through for HTTP, HTTPS and TELNET, for services such as RDP (port 3389) you need to use either virtual telnet or virtual http to make it even prompt for authentication, please take a look at the link I sent you.

CreatePlease to create content