Firewall Wizards mailing list archives
Pix Authentication doubts
From: "Jaime Vargas" <j.vargas () marieclaire es>
Date: Wed, 28 Jan 2004 16:40:35 +0100
Hi, first-time poster...

I have a problem with a Cisco PIX 515E version 6.3. In the documentation it explains rather well how to set up authentication via RADIUS for "any server", but what I want to do is to authenticate only users who try to connect via http to a particular server which is in my inside network.

Let's assume that the IP address of my IAS server is IP_IAS_SERVER, which is on the DMZ, that the IP address of the web server is IP_WEB_SERVER and that it is visible on the outside interface via NAT with an address of IP_WEB_NAT.

I think I know that first you have to define the RADIUS server with:

    aaa-server AuthInbound protocol radius
    aaa-server AuthInbound (dmz) host IP_IAS_SERVER shared_secret

But how exactly should I set up authentication for the server? Should it be

    aaa authentication include http outside IP_WEB_NAT 255.255.255.255 0 0 AuthInbound,

    aaa authentication include http inside IP_WEB_SERVER 255.255.255.255 0 0 AuthInbound,

or none of the above?

Greetings,
Jaime

PS: I'm on digest, so I'd be grateful if you could CC the possible answer to my e-mail address as well as to the list. Thanks :)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards