I'm working on a project where i'm placing a couple of 507 with a leg in the inside lan and a leg in a dmz, this in order to take advantage of the presence of the pix and to perform both http proxy and reverse proxy (using a cat3550 with wccp2 in the inside and a 3725 with wccp2 in the outside), is there any problem with my design?
Also, are NTLM and LDAP auth. both trasparent (popless) to the user?
Last, in the scenario above, using NTLM or LDAP auth. can I log the users activity by name rather than ip?
The design with both forward and reverse proxy is generally recommended. For clients within the domain using the Internet Explorer browser in proxy mode, NTLM authentication is "popless", the user is not prompted with a dialog box to enter a username and password. In transparent mode, authentication is transparent only if the Internet options security settings are customized and set to User Authentication > Logon > Automatic logon with current username and password.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...