Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

strange problem with cut-through proxy


i have configured cut- through proxy on the router with acs.i am facing a strange problem .

my routers's ethernet 3/0 interface ip add is and the acs server is and the host ip is

my routers' e2/0 interface is connected a server running a website .

int e2/0

no shutdown

ip add


the webserver is running on

my router's config

aaa new-model

aaa authentication login default group tacacs+

aaa authorization auth-proxy default group tacacs+

aaa authorization exec default group tacacs+

tacacs-server host

tacacs-server key cisco

ip http server

ip http authentication aaa

ip access-list 101 permit tcp host eq tacacs host

ip auth-proxy name auth http

int e3/0

no shutdown

ip add

ip access-group 101 in

ip auth-proxy auth


on the acs server in the tacacs+ ios

i have selected auth-proxy in the services for users and groups

i have created a user john with privilege level 15

have selected auth-proxy and custom attributes

proxyacl#1=permit tcp any any priv-lvl=15

i get the auth-proxy login page when the host on is trying to access web site .

after putting the login credentials i get authentication failed

i tried the debug. i see the router is sending the authentication login and password and getting the status from the acs as pass. i also see the auth-proxy triggered. in there i see


could someone pls help me what could be the problem. i am have tried many times to get this work. but not fortunate enough.

am i missing on any commands on the router or on the acs. i tried doing as the example mentioned in the student guide but still failed. pls help. waiting for some reply.



Re: strange problem with cut-through proxy

After you have finished configuring the HTTPS server, you must configure the authentication proxy (globally and per interface). For information on completing this task, refer to the section "Configuring the Authentication Proxy" in the chapter "Configuring Authentication Proxy" of the Cisco IOS Security Configuration Guide, Release 12.2.

Verifying HTTPS Authentication Proxy