PIX HTTP out- Local Authentication?

Hi there,

Message description says it all, really. Is there a way to prompt users who wish web access for a username and password from a local authentication database stored on the PIX? I am aware that this can be done using aaa to a RADIUS or TACACS+ box, but what about on the PIX itself? I ask as I'm being informed that it's an easy thing to do on a Checkpoint firewall.

TIA-

Gary

2 REPLIES

Re: PIX HTTP out- Local Authentication?

Hi Gary,

When using PIX Firewall Version 6.3 or higher (not 6.2 or lower), you can enable authentication for pass-through access using the PIX local user database.

The configuration steps are similar to those for configuring a RADIUS/TACACS+ server.

You don't have to use normal aaa authentication parameter via ACS/Radius server, which normally looks like:

aaa-server AuthInbound protocol radius

aaa-server AuthInbound (inside) host 10.1.1.1 TheUauthKey

What you need is to create a local user in the PIX, then define an aaa authentication parameter that refers to the local database (use the LOCAL keyword), and define the web (http) service as follows:

aaa authentication include 0 0 0 0 LOCAL

aaa authentication include http inside 0 0 0 0 LOCAL

Note:

1. Replace with service such as http, telnet or ftp.

2. Replace with the name of the interface on which you are enabling authentication, as configured with the nameif command.

Ref:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1016090

AAA Command:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1111727

Rgds,

AK
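
The two steps described in the reply above (create a local user, then point aaa authentication at LOCAL), written out as an added configuration example that is not part of the original post. It assumes PIX 6.3 and an interface named inside; the username, the password placeholder and the uauth timeout value are constructed for illustration.

```cisco
: Added example - constructed values, not from the original thread.
: 1. Create the local user who will be prompted (name and password are placeholders).
username webuser1 password <password>
: 2. Require authentication for HTTP from any inside host to any destination,
:    checked against the PIX local user database (LOCAL keyword), as in the reply.
aaa authentication include http inside 0 0 0 0 LOCAL
: 3. Illustrative value: how long an authenticated user is cached before re-prompting.
timeout uauth 0:05:00 absolute
```

After a user authenticates, `show uauth` lists the cached authentications and `clear uauth` forces users to authenticate again.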

Re: PIX HTTP out- Local Authentication?

Thanks AK, I'll try this out.

regards,

Gary
