Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA Authentication Exclude

I have enabled "aaa authentication exclude" commad statement on PIX (6.3).

This excludes the Hosts for which the Firewall doesnot prompt for authentication.

What is the best way to add more lines into it.Do i have to remove all the commands and then all the old and new commands.I added one host in the list for exclution,but the PIX still prompts for username/password.

aaa authentication exclude https outside x.x.x.x 255.255.255.255 a.b.c.d 255.255.255.255 authserv

aaa authentication exclude http outside x.x.x.x 255.255.255.255 a.b.c.d 255.255.255.255 authserv

aaa authentication exclude tcp/25 1.1.1.1 255.255.255.255 192.168.25.1 255.255.255.255 authserv

aaa authentication exclude tcp/25 1.1.1.2 255.255.255.255 192.168.25.2 255.255.255.255 authserv

2 REPLIES
New Member

Re: AAA Authentication Exclude

Replace tcp/25 with tcp/0.

Please review the tcp port. The pix does not support tcp/25 (smtp) specified in your config.

The tcp/0 option enables authentication for all TCP traffic, which includes FTP, HTTP, HTTPS, and Telnet. When a specific port is specified, only the traffic with a matching destination port is included or excluded for authentication. Note that FTP, Telnet, HTTP, and HTTPS are equivalent to tcp/21, tcp/23, tcp/80, and tcp/443, respectively.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1111727

Mike

New Member

Re: AAA Authentication Exclude

Hi,

Use aaa authentication match "ACL"

In this match mathod you can deny all the traffic which you doen't require to authenticate. This is more controlable mathod.

Thanks,

Mustafa

137
Views
0
Helpful
2
Replies
CreatePlease to create content