Firewall Wizards mailing list archives

Pix Authentication doubts


From: "Jaime Vargas" <j.vargas () marieclaire es>
Date: Wed, 28 Jan 2004 16:40:35 +0100

Hi, first-time poster...

I have a problem with a Cisco PIX 515E version 6.3. The documentation
explains rather well how to set up authentication via RADIUS for "any
server", but what I want to do is to authenticate only users who try to
connect via http to a particular server which is in my inside network.

Let's assume that the IP address of my IAS server is IP_IAS_SERVER, which is
on the DMZ, that the IP address of the web server is IP_WEB_SERVER and that
it is visible on the outside interface via NAT with an address of
IP_WEB_NAT.

I think I know that first you have to define the RADIUS server with:

aaa-server AuthInbound protocol radius
aaa-server AuthInbound (dmz) host IP_IAS_SERVER shared_secret

But how exactly should I set up authentication for the server? Should it be

aaa authentication include http outside IP_WEB_NAT 255.255.255.255 0 0 AuthInbound,
aaa authentication include http inside IP_WEB_SERVER 255.255.255.255 0 0 AuthInbound,

or none of the above?


Greetings, Jaime

PS: I'm on digest, so I'd be grateful if you could CC the possible answer to
my e-mail address as well as to the list. Thanks :)
