New Member

PIX FTP authentication feature

We currently went from using 4 /24 networks as our NAT pools for Internet access. We just added a PAT address as the NAT pools were full, and now any FTP requires authentication even if the user is already authenticated. HTTP and telnet are fine. We are using RADIUS authentication with dynamic ACLs on a PIX 525 running 5.3(4). Anyone else experience this?


Re: PIX FTP authentication feature

Hi, you can try excluding FTP from triggering AAA authentication. (Note: Your PIX version is old, so I hope these commands are available.)

aaa authentication exclude tcp/21 interface x.x.x.x aaa-group

where interface is the interface from where your RADIUS server can be reached, i.e. inside

x.x.x.x is the IP address of your RADIUS server

aaa-group is the group name assigned by aaa-server command.

Or you could exclude your outbound connections from triggering the authentication by using an access-list

access-list yourlist deny tcp x.x.x.0 255.255.255.0 any eq ftp

access-list yourlist permit tcp any any

aaa authentication match yourlist outbound radius

I hope it helps ... please rate it if it does !!!

New Member

Re: PIX FTP authentication feature

My apologies, I missed my typo. The correct version of PIX OS is 6.3(4)
