Cisco Support Community
New Member

How do others force users to authenticate for outbound ftp/telnet? (PIX525)

Ok, I'm having an issue with my PIX firewall.

I need to force users to authenticate in order to be allowed to use the ftp or telnet protocols outbound.

Has anyone found a method of doing authentication/authorization for ftp/telnet that actually works in a way that an end user would find acceptable?

TAC finally came up with how they do it, which is completely unacceptable. (Users would have to remember that username is actually local username@remote username and password is local password@remote password.) There is no way my users can remember that, and even that does not work 100% of the time due to getting these 500 errors wanting higher ports open.

Has anyone found a method of doing authentication/authorization for ftp/telnet that actually works in a way that an end user would find acceptable?

1 REPLY
Silver

Re: How do others force users to authenticate for outbound ftp/t

Hello,

For telnet you don't have to send the username@remote_username. For ftp this is what is required. Unfortunately, this is the only option for FTP. Not sure about the 500 error; did you check on the AAA server as well as in the syslog to see why you are getting this error message? It should work! Thanks,

Mynul
