https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509239#M1569 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> Use aaa authentication match "ACL" </P><P>In this match mathod you can deny all the traffic which you doen't require to authenticate. This is more controlable mathod.</P><P></P><P>Thanks,</P><P>Mustafa</P></BODY></HTML> Wed, 06 Sep 2006 07:04:42 GMT mustafa_nbk 2006-09-06T07:04:42Z https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509237#M1566 <P>I have enabled "aaa authentication exclude" commad statement on PIX (6.3).</P><P></P><P>This excludes the Hosts for which the Firewall doesnot prompt for authentication.</P><P></P><P>What is the best way to add more lines into it.Do i have to remove all the commands and then all the old and new commands.I added one host in the list for exclution,but the PIX still prompts for username/password.</P><P>aaa authentication exclude https outside x.x.x.x 255.255.255.255 a.b.c.d 255.255.255.255 authserv</P><P>aaa authentication exclude http outside x.x.x.x 255.255.255.255 a.b.c.d 255.255.255.255 authserv</P><P>aaa authentication exclude tcp/25 1.1.1.1 255.255.255.255 192.168.25.1 255.255.255.255 authserv</P><P>aaa authentication exclude tcp/25 1.1.1.2 255.255.255.255 192.168.25.2 255.255.255.255 authserv</P><P></P><P></P> Fri, 21 Feb 2020 18:16:31 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509237#M1566 rpsrekhi3 2020-02-21T18:16:31Z https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509238#M1568 <HTML><HEAD></HEAD><BODY><P>Replace tcp/25 with tcp/0.</P><P></P><P>Please review the tcp port. The pix does not support tcp/25 (smtp) specified in your config.</P><P></P><P>The tcp/0 option enables authentication for all TCP traffic, which includes FTP, HTTP, HTTPS, and Telnet. When a specific port is specified, only the traffic with a matching destination port is included or excluded for authentication. Note that FTP, Telnet, HTTP, and HTTPS are equivalent to tcp/21, tcp/23, tcp/80, and tcp/443, respectively. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1111727" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1111727</A></P><P></P><P>Mike</P></BODY></HTML> Thu, 17 Aug 2006 12:50:50 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509238#M1568 mpalardy 2006-08-17T12:50:50Z https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509239#M1569 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> Use aaa authentication match "ACL" </P><P>In this match mathod you can deny all the traffic which you doen't require to authenticate. This is more controlable mathod.</P><P></P><P>Thanks,</P><P>Mustafa</P></BODY></HTML> Wed, 06 Sep 2006 07:04:42 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-exclude/m-p/509239#M1569 mustafa_nbk 2006-09-06T07:04:42Z