I've installed a PIX 515E DMZ with PIX OS 6.3 at a customer's site.
I've enabled RADIUS authentication for access via the internal
interface to the outside interface (Internet), this is done via
Microsoft Active directory and IAS (Microsoft's own RADIUS server)
the authentication works fine, and it allows access only once the
users authenticate. However some web sites not more then 2 or 3 seem to
require the users to authenticate twice if accessed first i.e. the first authentication prompt is from the pix i.e. site: is the site URL. Realm : The authentication text that Ive enter in the auth-prompt prompt command but the second one has Site: the site URL Realm: Also site URL for example.
As can be expected the authentication for the second one does not work, i.e.. the same user name password used in the first one does not work. But if you cancel the second one the page does not display, but when you access the same site again, after the first pix authentication it goes through.
What is causing this second authentication prompt and how do I stop it from happening. ? Has any one else come across this problem. ?
From my understanding of the fault description above, it sounds like something "Virtual HTTP" should resolve. These sites are most likely runing Microsoft IIS with Basic Authentication or NT Challenge enabled.
Virtual http [warn]
Where is an unused IP address routed to the PIX and [warn] to notify users of redirection.
This will prevent the wrong authentication credentials from been appended to the HTTP GET command sent from browser.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...