https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260069#M367332 <HTML><HEAD></HEAD><BODY><P>You probably did not understand that i want to use the authentication proxy feature.I dont want to use lock-and-key.</P></BODY></HTML> Wed, 25 Nov 2009 13:22:47 GMT k.protopapas 2009-11-25T13:22:47Z https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260067#M367251 <P>I have the following scenario:I require to set up a transparent firewall using a Cisco 1841 router with 2 Fast Ethernet interfaces with IOS version 12.4(15)T9 Advanced Security.The project also calls for authenticating users using the ip auth-proxy feature.The users should use https to connect to an internal server.The IP addresses of the users are dynamic (i.e. they may authenticate from the Internet).I have set up successfully the ip auth-proxy feature using an external ACS server using TACACS+.However, i want to use the AAA local server feature in order to implement this project instead of using an external AAA server.</P><P>The question is how to configure the local AAA attributes in order to have the same functionality as when using an external AAA server(i.e dynamic proxy ACL entries permitting specific IP addresses and protocols) without using one(i.e using only the local AAA server feature of Cisco IOS).</P> Sun, 10 Mar 2019 23:48:42 GMT https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260067#M367251 k.protopapas 2019-03-10T23:48:42Z https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260068#M367277 <HTML><HEAD></HEAD><BODY><P>AFAIK, the auth-proxy feature is only supported using an external AAA. If you need to use the local dat</P><P>abase, you have to look at the lock-n-key feature, please see these links:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy.html#wp1054354">http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy.html#wp1054354</A></P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_lock_key_secrty_ps6350_TSD_Products_Configuration_Guide_Chapter.html">http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_lock_key_secrty_ps6350_TSD_Products_Configuration_Guide_Chapter.html</A></P><P><BR />Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 25 Nov 2009 13:01:53 GMT https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260068#M367277 Farrukh Haroon 2009-11-25T13:01:53Z https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260069#M367332 <HTML><HEAD></HEAD><BODY><P>You probably did not understand that i want to use the authentication proxy feature.I dont want to use lock-and-key.</P></BODY></HTML> Wed, 25 Nov 2009 13:22:47 GMT https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260069#M367332 k.protopapas 2009-11-25T13:22:47Z https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260070#M367362 <HTML><HEAD></HEAD><BODY><P>Check out the table on the first link comparing auth-proxy and lock-n-key, it clearly states that local authentication is not supported with auth-proxy. this is from Cisco not me <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Fri, 27 Nov 2009 17:46:48 GMT https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260070#M367362 Farrukh Haroon 2009-11-27T17:46:48Z https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260071#M367448 <HTML><HEAD></HEAD><BODY><P>I know about that.But Cisco also states that the Local AAA server can be used instead of an external AAA server.So,stop posting unless you have a solution to my problem.</P></BODY></HTML> Mon, 30 Nov 2009 08:39:57 GMT https://community.cisco.com/t5/network-access-control/local-aaa-server-configuration-for-https-authentication-proxy/m-p/1260071#M367448 k.protopapas 2009-11-30T08:39:57Z