
strange problem with cut-through proxy

sebastan_bach
Level 4

Hi,

I have configured cut-through proxy on the router with ACS. I am facing a strange problem.

My router's Ethernet 3/0 interface IP address is 10.1.1.1/24, the ACS server is 10.1.1.2/24 and the host IP is 10.1.1.3/24.

My router's e2/0 interface is connected to a server running a website.

int e2/0

no shutdown

ip add 20.1.1.1/24

exit

The web server is running on 20.1.1.2.

My router's config:

aaa new-model

aaa authentication login default group tacacs+

aaa authorization auth-proxy default group tacacs+

aaa authorization exec default group tacacs+

tacacs-server host 10.1.1.2

tacacs-server key cisco

ip http server

ip http authentication aaa

ip access-list 101 permit tcp host 10.1.1.2 eq tacacs host 10.1.1.1

ip auth-proxy name auth http

int e3/0

no shutdown

ip add 10.1.1.1/24

ip access-group 101 in

ip auth-proxy auth

exit

On the ACS server, in TACACS+ (IOS):

I have selected auth-proxy in the services for users and groups.

I have created a user john with privilege level 15.

I have selected auth-proxy and custom attributes:

proxyacl#1=permit tcp any any priv-lvl=15

I get the auth-proxy login page when the host on 10.1.1.3 tries to access the 20.1.1.2 web site.

After entering the login credentials I get authentication failed.

I tried the debug. I see the router sending the authentication login and password and getting the status from the ACS as pass. I also see the auth-proxy triggered. In there I see

AUTH-PROXY PROTOCOL NOT CONFIGURED.

Could someone please help me with what the problem could be? I have tried many times to get this to work, but have not been fortunate enough.

Am I missing any commands on the router or on the ACS? I tried doing as in the example mentioned in the student guide but still failed. Please help. Waiting for some reply.

sebastan
