Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member


I have three questions regarding auth-proxy

one: (using a 1721 running 12.4 IOS)using local auth-proxy(which i have verified works), is there any way to define which dynamic ACL is applied, rather then a simple permit any? I know how to do this using ACS but I am tryin go do it locally, where I can at least define a user and where they can do once they authenticate

two: do the pix and/or ASA firewalls support auth-proxy like IOS routers do and where can I find documentation on implimenting it

three: on either a firewall or router running firewall IOS, can auth-proxy go beyond ACLs for the users once they authenticate? For example, CBAC policies/URL blocking/allowing, QOS, etc?


Re: auth-proxy

for question 1 yes i think let me check for u

for question 2 sure u can they called cut-through

pix(config)#aaa authentication include http inside 0 0 0 0 LOCAL

about ur question 3 i am not sure there is away for that bit you can play around it through source and distination acls and policies

good luck and rate if usefull