Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Internet_Access

In my current configuration all web access is done via an ISA proxy server. Only server vlans are NAT'd by the pix. However individual workstations have the need to telnet, ftp or vpn out. To accomplish this the workstations are permitted to receive NAt from the PIX.

As you know this requires editing the PIX config everytime a special circumstance arises. IS there a better way to provide these services to the clients without having to edit the PIX over and over.

4 REPLIES
Silver

Re: Internet_Access

Hi,

For Telnet/FTP, you can have user level authentication, so users will be prompted for username/password and based on this, they can be allowed or denied.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml

Thanks

Nadeem

Community Member

Re: Internet_Access

Would i use a radius server for this. Or is this feature bulit in to the PIX?

Would this have an effect on users trying to access the web. Would they be prompted as well. The web clients are already configured to use PRXY. I would not wan to add another login for these users.

Thank you for your help.

Anthony

Silver

Re: Internet_Access

it is all there in the link i gave you.

yes radius server is required.

no it wont effect any other service

Community Member

Re: Internet_Access

Thank You for advice.

96
Views
0
Helpful
4
Replies
CreatePlease to create content