New Member

aaa auth include tcp/10000 login issue

I'm trying to use the command

"aaa authentication include tcp/10000 AuthInbound"

The application behind this is browser based, so I'm trying to hit port 10000 with IE6, and not getting anything other than the message

"Authorization is required" page=

Port 80 works fine: I do get the expected dialog for username/password if I hit port 80 (which is the regular website for this server). Port tcp/10000 does not make my browser pop up the dialog, though...

What do I do to make the usual login dialog window appear on this aaa command?

This is critical for using any website on non-standard ports (which many administrative applications do).

thanks, Tim

Cisco Employee

Re: aaa auth include tcp/10000 login issue

I'm surprised the PIX even allows you to put tcp/10000 in as the service type in that command. All it's really going to accept/interpret in this command is the keywords telnet, http, any or ftp.

What I would suggest is putting in "http" instead of "tcp/10000" 'cause that's definitely not going to work. Then you have to tell the PIX that TCP port 10000 packets are HTTP, so use the command:

> fixup protocol http 10000

and see how that goes.

New Member

Re: aaa auth include tcp/10000 login issue

The idea I had was from this TAC case online:

the following line:

aaa authentication include tcp/49 inbound Incoming

Not directly related, but hoped it would work...

I do happen to have

fixup protocol http 10000

in the PIX. What I don't have is the http version of auth.

The problem is that there are virtual servers on that box. I want to allow unrestricted access to port 80 with _no_ auth, but I do want to require auth on http sessions to port 10000.

Also, the PIX supports many other webservers on other IP addresses, so I'm restricted as to how I can do the global level commands.

I don't fully understand the ramifications of 'no fixup protocol http 80', which I guess would return port 80 connections to their normal non-filtered state... but it would do it for all webservers on the entire PIX, not just that one server.



New Member

Re: aaa auth include tcp/10000 login issue

Further thoughts: I tried using the 'fixup protocol http 10000' with an aaa statement for http on the PIX.

What happened was that I got auth requirements on port 80, but not on port 10000... the PIX somehow assumed that since I'd said http, I must be talking about port 80. I removed the fixup for protocol http 80 and nothing changed (yes, I was doing write mem before testing).

