Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Auth from PIX : How to pass authentication information to web server

If i''m using the PIX/Tacacs+ to authenticate & authorize user to access the Web server (in DMZ), how can i pass the authentication information to the web server because this application needs to know who is the user?


Re: Auth from PIX : How to pass authentication information to we

As I understand it, when you browse to the webserver and enter your credentials, the PIX intercepts and forwards on to the AAA server. MS Explorer thinks you are authenticating against any webserver so once authenticated it resends those credentials in the http get. So theoretically those credentials are there for your use. There is no way to forward this from the PIX or the AAA server.

New Member

Re: Auth from PIX : How to pass authentication information to we

Hi Thomas,

Yes, the PIX is able to ask for credentials to web surfer, when port 80 is triggered, and authenticate the access request against a AAA server. What i'm searching for, is a solution to simulate the authentication process but between the PIX & the Web server because the web server needs also the credentials not for a security purpose but only for an identification (personalized Web) purpose. I know, one way to do that is asking a second time the credentials, by the web server, but i wish to authenticate only once.

Other issue:

I know there is some problems about how Cisco is controlling the access when autorization granted because the pix only take care of de SA/DA instead of SA-SP/DA-DP leaving a second remote user behind a PAT gateway accessing the web server because a first user as been granted before for the same location.

If someone has the answers to the preceding issues, i will appreciate to know.

Thanks you