04-17-2006 12:07 PM - edited 03-10-2019 02:32 PM
hi
i have configured cut- through proxy on the router with acs.i am facing a strange problem .
my routers's ethernet 3/0 interface ip add is 10.1.1.1/24 and the acs server is 10.1.1.2/24 and the host ip is 10.1.1.3/24
my routers' e2/0 interface is connected a server running a website .
int e2/0
no shutdown
ip add 20.1.1.1/24
exit
the webserver is running on 20.1.1.2
my router's config
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa authorization exec default group tacacs+
tacacs-server host 10.1.1.2
tacacs-server key cisco
ip http server
ip http authentication aaa
ip access-list 101 permit tcp host 10.1.1.2 eq tacacs host 10.1.1.1
ip auth-proxy name auth http
int e3/0
no shutdown
ip add 10.1.1.1/24
ip access-group 101 in
ip auth-proxy auth
exit
on the acs server in the tacacs+ ios
i have selected auth-proxy in the services for users and groups
i have created a user john with privilege level 15
have selected auth-proxy and custom attributes
proxyacl#1=permit tcp any any priv-lvl=15
i get the auth-proxy login page when the host on 10.1.1.3 is trying to access 20.1.1.2 web site .
after putting the login credentials i get authentication failed
i tried the debug. i see the router is sending the authentication login and password and getting the status from the acs as pass. i also see the auth-proxy triggered. in there i see
AUTH-PROXY PROTOCOL NOT CONFIGURED.
could someone pls help me what could be the problem. i am have tried many times to get this work. but not fortunate enough.
am i missing on any commands on the router or on the acs. i tried doing as the example mentioned in the student guide but still failed. pls help. waiting for some reply.
sebastan
04-21-2006 09:26 AM
Check out the following link...
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b5e.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide