Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix authentication other than ftp,http and telnet

Two networks separated by a firewall. A server is located on the inside interface. Inbound authentication is active on the firewall in coordination with CiscoSecure. Users on the outside network needs to map a shared folder of server first inorder to run an application. The problem is that I need to do an ftp or an http authentication before mapping that folder. Is there a workaround to authenticate the mapping service (Netbios) instead of doing (two-step) ftp/http then mapping?

3 REPLIES
Silver

Re: Pix authentication other than ftp,http and telnet

You could use a VPN tunnel to connect your users to the network, then they can login to the Netbios services as usual. That’s probably the easiest and most secure way. You shouldn’t use NetBios across the Internet as a general rule, pretty insecure. If you have to, since NT login is considered pretty secure anyway, make aaa exceptions for the NetBios hosts that need to be connected to and then your users will only get the NetBios login and not have to http, telnet or ftp to open the conduits for those hosts. The PIX won’t ever be running a NetBios authentication daemon. This is Microsoft proprietary technology and I can’t see them licensing that to Cisco.

New Member

Re: Pix authentication other than ftp,http and telnet

We had a similar issue last year with NetWare communication and authentication of conduits to NDS. A Cisco security representative responded that neither Novell or Microsoft would share their authentication API's. This leaves three options: use the default telnet, ftp, or http to authenticate your conduit, leave an open conduit (not an option for us), or VPN. If your outside users are coming across the Internet, or any untrusted network, then a VPN is your most secure solution of the three.

New Member

Re: Pix authentication other than ftp,http and telnet

If you need to make this simpler for the users,

I recommend a batch file that will ftp in, passing username/password, then quit out. The next step in the batch file would be a net use statement.

171
Views
0
Helpful
3
Replies
CreatePlease login to create content