authentication for internet traffic


I have an inside network behind a PIX-515 firewall. I want to enable AAA for the internet traffic in a manner that when a user on the inside zone tries to access the Internet, a window pops up asking for username and password. Upon entering the username and password, the credentials would be matched against a database which has a list of usernames allowed to access the Internet.

If there is a successful match, then the PIX would allow internet traffic to pass through. Can this be accomplished using just the PIX and maybe a TACACS+ server? I do not have an ACS in our network and the management does not have budget to purchase that. Could someone suggest a solution by which I can implement this without any further investment?




Re: authentication for internet traffic

This can be done with TACACS+, but you'll need ACS for that. You can do this with a RADIUS server as well. There are several freeware RADIUS servers available. If you're doing authentication only, you can use any simple RADIUS server including the IAS server in Win2k I'm sure. If you want to do authentication and authorization, you'll need a more robust RADIUS server. The most functional one I know of would be openradius for *nix. It supports everything I've heard of and things I haven't. You can even implement custom attributes.

Note that the PIX cannot do authentication for any protocols EXCEPT HTTP, FTP, and TELNET. In other words, you'll need to authenticate for HTTPS before you can do HTTPS. This will change in PIX 6.3.
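
A minimal PIX 6.x configuration for the RADIUS approach described in the reply above, as an added example that is not part of the original thread. The group tag `AuthOut`, the server address 192.0.2.10, the shared-secret placeholder and the 30-minute timeout are assumptions chosen for illustration.

```text
: Added example, PIX 6.x syntax. AuthOut, 192.0.2.10, <shared-secret>
: and the timeout value are placeholders, not values from the thread.

: Define a RADIUS server group and the server reached through the inside interface.
aaa-server AuthOut protocol radius
aaa-server AuthOut (inside) host 192.0.2.10 <shared-secret> timeout 10

: Require authentication for connections from any inside host to any destination.
: Only these three services can trigger the login prompt (see the reply above).
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOut
aaa authentication include ftp inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOut
aaa authentication include telnet inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOut

: Expire the cached authentication after a fixed period so users must log in again.
timeout uauth 0:30:00 absolute

: Verify which users are currently authenticated.
show uauth
```

Credentials entered at the HTTP, FTP and Telnet prompts cross the inside network unencrypted, so the RADIUS accounts used here should not share passwords with more sensitive systems.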
