Cisco Support Community
Community Member

How to authenticate webserver running inside the Firewall using CISCO ACS

We are trying to configure ACS to authenticate a webserver running inside the Firewall. Users need to access the webserver using NT/2000 authentication from the Internet.

Community Member

Re: How to authenticate webserver running inside the Firewall us

Well, you have two choices. One is to look into the NT/2000 authentication from the server side. As far as I know, they will not support TACACS authentication, but can support RADIUS; 2000 can work with LDAP, but I'm not sure if you can use Cisco ACS for that.

The other option, since it is behind a FW, is to use cut-through authentication in the PIX. I assume it is a PIX FW, isn't it?

Issue the following commands in the PIX,

(Assume the web server inside local IP address is, and outside global IP is, ACS is

static (inside, outside)

!The following line shall be configured by default, you can replace the "TACACS+" auth-group by any other group

aaa-server TACACS+ protocol tacacs+

! You start configuring here, "cisco" is your ACS key

aaa-server TACACS+ (inside) host cisco

! This is for the cut-through authentication

aaa authentication include http outside TACACS+

aaa authorization include http outside TACACS+

Please also check the following link for more info on that. I just posted it a while ago in another post in this forum... :)
