Cisco Support Community
New Member

local authentication through the pix

I want my local LAN users to be authenticated through the PIX before accessing any web/outbound services.

I do not want to use any external authentication servers

Is that possible?

3 REPLIES
Silver

Re: local authentication through the pix

New Member

Re: local authentication through the pix

Hello,

Thanks for replying

What you say is virtual telnet and virtual http:

I will try these commands:

aaa-server LOCAL protocol LOCAL

access-list 101 permit tcp any any eq telnet

access-list 101 permit tcp any any eq ftp

access-list 101 permit tcp any any eq www

aaa authentication match 101 outside LOCAL

virtual telnet freepublicip

virtual http freeprivateip

username xxx password yyy privilege 15

username xx1 password yyy privilege 15

So this LAN traffic will get the local authentication prompt when they try to use any of these services outbound.

Incoming server or VPN traffic should not be affected by this config.

I would have about 70 users accessing internet, telnet, etc.

I would also add a filtering server for content filtering.

Will that affect the PIX performance if I do this local authentication for this many users?

Anything else that I may need?

Raj

New Member

Re: local authentication through the pix

This is also called cut-through proxy. Telnet, FTP and WWW are the interactive protocols supported by PIX; for other protocols you have to use virtual telnet. I think the following configuration is good enough. Also make sure the authentication is applied on the inside interface for outbound traffic.

aaa-server LOCAL protocol LOCAL

access-list 101 permit tcp any any eq telnet

access-list 101 permit tcp any any eq ftp

access-list 101 permit tcp any any eq www

aaa authentication match 101 inside LOCAL

username xxx password yyy privilege 15

username xx1 password yyy privilege 15
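
An added example, not part of any post in this thread: a small Python check that reads a PIX configuration and reports which interface each "aaa authentication match" statement is bound to, which is the difference between the two configurations posted above. The names audit, user_facing and SAMPLE are assumptions made for illustration, the sample text is constructed from the second post, and the set of interactive protocols follows the statement in the last reply.

```python
# Constructed sample based on the configuration in the thread's second post.
SAMPLE = """\
aaa-server LOCAL protocol LOCAL
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq www
aaa authentication match 101 outside LOCAL
virtual telnet freepublicip
"""

# Protocols the last reply names as able to show the prompt themselves.
INTERACTIVE = {"telnet", "ftp", "www"}


def audit(config, user_facing="inside"):
    """Return (rules, findings) for cut-through proxy statements.

    user_facing is the interface the LAN users' sessions arrive on
    (assumed to be "inside", as in the last reply).
    """
    acls, rules, findings = {}, [], []
    virtual_telnet = False
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) > 3 and tok[2] == "permit":
            # Simplification: take the service after the first "eq" keyword.
            svc = tok[tok.index("eq") + 1] if "eq" in tok[:-1] else "any"
            acls.setdefault(tok[1], []).append(svc)
        elif tok[:3] == ["aaa", "authentication", "match"] and len(tok) == 6:
            rules.append((tok[3], tok[4], tok[5]))  # (acl, interface, group)
        elif tok[:2] == ["virtual", "telnet"]:
            virtual_telnet = True
    for acl, iface, _group in rules:
        if acl not in acls:
            findings.append(f"ACL {acl} is referenced but not defined")
        if iface != user_facing:
            findings.append(f"ACL {acl} is matched on '{iface}', not '{user_facing}'")
        other = sorted(set(acls.get(acl, [])) - INTERACTIVE)
        if other and not virtual_telnet:
            findings.append(
                f"ACL {acl} covers {', '.join(other)} but no 'virtual telnet' is set")
    return rules, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```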
