Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

HTTP multiple authentication request

I have PIX authentication for getting to Internet.

When I open IE window and go to internet I get challenge and after I put username and password I can get to Internet.

Authentication happens just one time.

If I am not authenticated yet and I am reading e-mails and see e-mail with html page , then I have few challenge windows to see one page in e-mail ( I thing for each graphical object).

If I am reading e-mails after opening IE and getting authenticated it works without problems - I do not have this challenge windows at all...

Tried find info for this...No luck...

  • Other Security Subjects
3 REPLIES
Cisco Employee

Re: HTTP multiple authentication request

This is bug CSCdr77921, fixed in a number of versions. You don't mention what version of PIX you're running, but it should be fixed in 6.0(1) and later (any 6.1 and 6.2 release should have the fix).

Having said that, even if you're running one of these fixed code versions, you need the "virtual http" command in the PIX. You can read up on it here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#xtocid9), just make sure the address you use is unique and is routed to the PIX (use an address on the inside subnet of the PIX if you like).

New Member

Re: HTTP multiple authentication request

I read about bug... I have right software version.

Is it enough to put this commands?

virtual http

sysopt uauth allow-http-cache

And what ip addr should I put there?

Could it be any pingable IP inside?

Could it be inside pix interface ip?

Should it be address of internal web server?

Thanks for help.

Cisco Employee

Re: HTTP multiple authentication request

The commands should be fine. The IP address to use should be any unused IP address that is routed to the PIX from your inside network. Usually I would use an unused address on the same subnet as the inside interface IP address. Do NOT use the PIX interface's IP address.

99
Views
0
Helpful
3
Replies
This widget could not be displayed.