https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727130#M421059 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I have had the same problem with IOS 12.3(19). FTP and Telnet never worked.</P><P></P><P>regards</P><P>Herbert</P></BODY></HTML> Thu, 31 May 2007 10:08:35 GMT herbert.aichhorn 2007-05-31T10:08:35Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727127#M421053 <P>hi i was trying to configure auth proxy in my router .. with acs using tacacs+.. but somewhere the authentication was failing..</P><P></P><P>i had configured acs as required and i dont find any problem with it as it is succefully working with http auth proxy..</P><P></P><P>configuration for router for telnet auth is </P><P></P><P>aaa new-model</P><P></P><P>aaa authentication login default group aaa_serv group radius</P><P></P><P>aaa authorization auth-proxy default aaa_serv</P><P></P><P>ip auth-proxy name telnet_auth telnet</P><P></P><P>tacacs+ host 10.1.1.3 key xxxx</P><P></P><P>aaa group server tacacs+ aaa_serv</P><P>server 10.1.1.3</P><P></P><P></P><P>interface fastetherne 0/0</P><P>ip auth-proxy telnet_auth</P><P></P><P></P><P></P> Sun, 10 Mar 2019 22:05:38 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727127#M421053 diptanshusingh 2019-03-10T22:05:38Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727128#M421055 <HTML><HEAD></HEAD><BODY><P>The authentication proxy feature allows users to log in to a network or access the Internet via HTTP, with their specific access profiles automatically retrieved and applied from a TACACS+ or RADIUS server. The user profiles are active only when there is active traffic from the authenticated users. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008017b2a4.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008017b2a4.shtml</A></P></BODY></HTML> Thu, 19 Apr 2007 12:35:05 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727128#M421055 thomas.chen 2007-04-19T12:35:05Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727129#M421057 <HTML><HEAD></HEAD><BODY><P>Dear Bro, I think that we can do auth proxy with telnet also .. i can do successful authentication with http auth proxy, but not with telnet.</P><P> </P></BODY></HTML> Thu, 19 Apr 2007 13:50:41 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727129#M421057 diptanshusingh 2007-04-19T13:50:41Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727130#M421059 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I have had the same problem with IOS 12.3(19). FTP and Telnet never worked.</P><P></P><P>regards</P><P>Herbert</P></BODY></HTML> Thu, 31 May 2007 10:08:35 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727130#M421059 herbert.aichhorn 2007-05-31T10:08:35Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727131#M421060 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Let me give it a try,</P><P></P><P>I just did a test few days before. I have all the setup intact. It wont harm adding Telnet and FTP. Will give it a try, but only in Monday, on weekends no work =D</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Fri, 01 Jun 2007 23:46:01 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727131#M421060 Premdeep Banga 2007-06-01T23:46:01Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727132#M421061 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Most probably I'll try this today. In meanwhile do look into this,</P><P></P><P>Firewall Authentication Proxy for FTP and Telnet Sessions:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftp_tel.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123_1/ftp_tel.htm</A></P><P></P><P>"Authentication proxy is subjected only to the traffic that passes through the router; traffic that is destined for the router continues to be authenticated by the existing authentication methods that are provided by Cisco IOS."</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Mon, 04 Jun 2007 04:34:30 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727132#M421061 Premdeep Banga 2007-06-04T04:34:30Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727133#M421062 <HTML><HEAD></HEAD><BODY><P>So Finally,</P><P></P><P>Here it is,</P><P></P><P>when you configure New Services on ACS, from Itnerface Configuration &gt; TACACS+</P><P></P><P>specify "auth-proxy" for Service and "ip" for Protocol.</P><P></P><P>It a one step more then HTTP auth proxy, where we only need to specify "auth-proxy" for Service.</P><P></P><P>if you do not do that, and try to do telnet auth proxy you'll get following error on FAiled Attempts,</P><P></P><P>Author-Failure-Code : Service denied</P><P>Author-Data : service=auth-proxy protocol=ip</P><P></P><P>Here's what happens when its successful,</P><P>------------------</P><P>Firewall authentication</P><P>Username:test</P><P>Password:</P><P>Firewall authentication Success.</P><P>Connection will be closed if remote server does not respond</P><P>Connecting to remote server...</P><P></P><P></P><P>User Access Verification</P><P></P><P>Username: admin</P><P>Password:</P><P></P><P>Switch&gt;</P><P>------------------</P><P>So summarizing IT WORKS!!</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Tue, 05 Jun 2007 22:13:06 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727133#M421062 Premdeep Banga 2007-06-05T22:13:06Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727134#M421063 <HTML><HEAD></HEAD><BODY><P>Hi prem, thanks a ton man for finding out the solution..</P></BODY></HTML> Wed, 06 Jun 2007 06:59:08 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727134#M421063 diptanshusingh 2007-06-06T06:59:08Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727135#M421064 <HTML><HEAD></HEAD><BODY><P>Hi Prem</P><P></P><P>please you can you provide the following information:</P><P>- is the protocol "ip" necessary wirh service auth-proxy on ACS</P><P>- which IOS on what plattform have you tested ?</P><P></P><P>regards,</P><P>Herbert</P></BODY></HTML> Wed, 06 Jun 2007 07:51:35 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727135#M421064 herbert.aichhorn 2007-06-06T07:51:35Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727136#M421065 <HTML><HEAD></HEAD><BODY><P>ip is neccessary only when we want to use ftp or telnet, for http we dont need.. </P></BODY></HTML> Wed, 06 Jun 2007 09:58:39 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727136#M421065 diptanshusingh 2007-06-06T09:58:39Z https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727137#M421066 <HTML><HEAD></HEAD><BODY><P>Hi Herbert,</P><P></P><P>Diptanshu is correct, we need it if we are using FTP or Telnet, not HTTP, as I have mentioned earlier. I guess I tested it on 12.4(x) IOS. Have to look into. Will let you know.</P><P></P><P>Please mark this thread as solved, so that others can benefit from it.</P><P></P><P>Let me know if you have more questions.</P><P></P><P>Thanks,</P><P>Prem</P></BODY></HTML> Wed, 06 Jun 2007 11:10:03 GMT https://community.cisco.com/t5/network-access-control/telnet-auth-proxy/m-p/727137#M421066 Premdeep Banga 2007-06-06T11:10:03Z