strange problem with cut-through proxy

sebastan_bach
Level 4

Hi,

I have configured cut-through proxy on the router with ACS. I am facing a strange problem.

My router's Ethernet 3/0 interface IP address is 10.1.1.1/24, the ACS server is 10.1.1.2/24 and the host IP is 10.1.1.3/24.

My router's e2/0 interface is connected to a server running a website.

int e2/0
 no shutdown
 ip add 20.1.1.1/24
exit

The web server is running on 20.1.1.2.

My router's config:

aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa authorization exec default group tacacs+
tacacs-server host 10.1.1.2
tacacs-server key cisco
ip http server
ip http authentication aaa
ip access-list 101 permit tcp host 10.1.1.2 eq tacacs host 10.1.1.1
ip auth-proxy name auth http
int e3/0
 no shutdown
 ip add 10.1.1.1/24
 ip access-group 101 in
 ip auth-proxy auth
exit

On the ACS server, in the TACACS+ IOS:

I have selected auth-proxy in the services for users and groups.

I have created a user john with privilege level 15.

I have selected auth-proxy and custom attributes:

proxyacl#1=permit tcp any any priv-lvl=15

I get the auth-proxy login page when the host on 10.1.1.3 is trying to access the 20.1.1.2 web site.

After putting in the login credentials I get "authentication failed".

I tried the debug. I see the router is sending the authentication login and password and getting the status from the ACS as pass. I also see the auth-proxy triggered. In there I see:

AUTH-PROXY PROTOCOL NOT CONFIGURED.

Could someone please help me with what could be the problem? I have tried many times to get this to work, but have not been fortunate enough.

Am I missing any commands on the router or on the ACS? I tried doing as in the example mentioned in the student guide but it still failed. Please help. Waiting for some reply.

sebastan

sbilgi
Level 5

After you have finished configuring the HTTPS server, you must configure the authentication proxy (globally and per interface). For information on completing this task, refer to the section "Configuring the Authentication Proxy" in the chapter "Configuring Authentication Proxy" of the Cisco IOS Security Configuration Guide, Release 12.2.

Verifying HTTPS Authentication Proxy

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122y/122yu11/ftfwhttp.htm
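
The "globally and per interface" check from the reply can be automated against a saved configuration. The following is an added example, not code from either poster or from Cisco: the function name `check_auth_proxy`, the sample text and the list of required global commands (taken from the commands in the question) are assumptions. It inspects the router side only, not the ACS attributes.

```python
import re

# Constructed sample: router-side commands from the question, as posted.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 10.1.1.2
ip http server
ip http authentication aaa
ip auth-proxy name auth http
int e3/0
 ip access-group 101 in
 ip auth-proxy auth
exit
"""

# Assumption: the global commands the question's setup relies on.
GLOBAL_REQUIRED = (
    "aaa new-model",
    "aaa authorization auth-proxy",
    "ip http server",
    "ip http authentication aaa",
)

def check_auth_proxy(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = [f"missing global command: {req}" for req in GLOBAL_REQUIRED
                if not any(l.startswith(req) for l in lines)]
    # Global rule definitions: ip auth-proxy name <rule> <protocol>
    rules = {m.group(1) for l in lines
             if (m := re.match(r"ip auth-proxy name (\S+) \S+", l))}
    if not rules:
        findings.append("no global 'ip auth-proxy name' rule defined")
    # Per-interface application: ip auth-proxy <rule> inside an interface block
    iface, applied = None, {}
    for l in lines:
        if (m := re.match(r"int(erface)?\s+(\S+)", l)):
            iface = m.group(2)
        elif l in ("exit", "!"):
            iface = None
        elif iface and (m := re.match(r"ip auth-proxy (?!name )(\S+)$", l)):
            applied[iface] = m.group(1)
    if not applied:
        findings.append("no interface applies an auth-proxy rule")
    findings += [f"{i} applies undefined rule '{r}'"
                 for i, r in applied.items() if r not in rules]
    return findings
```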