[fw-wiz] Pix Authentication doubts
From: Jaime Vargas (j.vargas_at_marieclaire.es)
To: <firstname.lastname@example.org> Date: Wed, 28 Jan 2004 16:40:35 +0100
Hi, first-time poster...
I have a problem with a Cisco PIX 515E version 6.3. In the documentation it
explains rather well how to set up authentication via RADIUS for "any
server", but what I want to do is to authenticate only users which try to
connect to http to a particular server which is in my inside network.
Let's assume that the IP address of my IAS server is IP_IAS_SERVER, which is
on the DMZ, that the IP address of the web server is IP_WEB_SERVER and that
it is visible on the outside interface via NAT with an address of
I think I know that first you have to define the RADIUS server with:
aaa-server AuthInbound protocol radius
aaa-server AuthInbound (dmz) host IP_IAS_SERVER shared_secret
But how excatly should I set up authentication for the server? Should it be
aaa authentication include http outside IP_WEB_NAT 255.255.255.255 0 0
aaa authentication include http inside IP_WEB_SERVER 255.255.255.255 0 0
or none of the above?
PD: I'm on digest, so I'd be grateful if you could CC the possible answer to
my e-mail address as well as to the list. Thanks :)
firewall-wizards mailing list