[fw-wiz] Pix Authentication doubts
From: Jaime Vargas (j.vargas_at_marieclaire.es)
Date: 01/28/04
To: <firewall-wizards@honor.icsalabs.com>
Date: Wed, 28 Jan 2004 16:40:35 +0100
Hi, first-time poster...
I have a problem with a Cisco PIX 515E version 6.3. In the documentation it
explains rather well how to set up authentication via RADIUS for "any
server", but what I want to do is to authenticate only users who try to
connect via http to a particular server which is in my inside network.
Let's assume that the IP address of my IAS server is IP_IAS_SERVER, which is
on the DMZ, that the IP address of the web server is IP_WEB_SERVER and that
it is visible on the outside interface via NAT with an address of
IP_WEB_NAT.
I think I know that first you have to define the RADIUS server with:
    aaa-server AuthInbound protocol radius
    aaa-server AuthInbound (dmz) host IP_IAS_SERVER shared_secret
But how exactly should I set up authentication for the server? Should it be
    aaa authentication include http outside IP_WEB_NAT 255.255.255.255 0 0 AuthInbound,
    aaa authentication include http inside IP_WEB_SERVER 255.255.255.255 0 0 AuthInbound,
or none of the above?
Greetings, Jaime
PS: I'm on digest, so I'd be grateful if you could CC the possible answer to
my e-mail address as well as to the list. Thanks :)