https://community.cisco.com/t5/network-access-control/cisco-pix-local-http-authentication/m-p/230912#M434610 <P>Hello group,</P><P></P><P>We currently have a PIX 501 to PIX 501 vpn between two offices. We</P><P>have an AS400 at the main site. At both locations we would like the</P><P>users to authenticate to the PIX locally for internet access. I</P><P>understand that the PIX allows for telnet, ftp and http authentication</P><P>locally but will the users have to authenticate against the PIX for</P><P>other traffic being passed by the AS400 or other systems on the two</P><P>networks via the VPN. Meaning we only want the user to have to</P><P>authenticate to the PIX for internet access only and not have to</P><P>authenticate against the PIX for normal traffic between the two sites.</P><P> This traffic should be allowed to flow freely without a user name and</P><P>password. I have read the documentation on this but am unsure if this</P><P>is allowed. ** At both sites internet access routes directly out it</P><P>does not tunnel through the VPN. We do not have a radius or tacacs server.</P><P></P><P>Thanks as always,</P><P></P><P>Joe</P> Sun, 10 Mar 2019 14:44:26 GMT joe.sallmann 2019-03-10T14:44:26Z https://community.cisco.com/t5/network-access-control/cisco-pix-local-http-authentication/m-p/230912#M434610 <P>Hello group,</P><P></P><P>We currently have a PIX 501 to PIX 501 vpn between two offices. We</P><P>have an AS400 at the main site. At both locations we would like the</P><P>users to authenticate to the PIX locally for internet access. I</P><P>understand that the PIX allows for telnet, ftp and http authentication</P><P>locally but will the users have to authenticate against the PIX for</P><P>other traffic being passed by the AS400 or other systems on the two</P><P>networks via the VPN. Meaning we only want the user to have to</P><P>authenticate to the PIX for internet access only and not have to</P><P>authenticate against the PIX for normal traffic between the two sites.</P><P> This traffic should be allowed to flow freely without a user name and</P><P>password. I have read the documentation on this but am unsure if this</P><P>is allowed. ** At both sites internet access routes directly out it</P><P>does not tunnel through the VPN. We do not have a radius or tacacs server.</P><P></P><P>Thanks as always,</P><P></P><P>Joe</P> Sun, 10 Mar 2019 14:44:26 GMT https://community.cisco.com/t5/network-access-control/cisco-pix-local-http-authentication/m-p/230912#M434610 joe.sallmann 2019-03-10T14:44:26Z https://community.cisco.com/t5/network-access-control/cisco-pix-local-http-authentication/m-p/230913#M434611 <HTML><HEAD></HEAD><BODY><P>The PIX only authenticates HTTP traffic if you tell it to authenticate it. All other traffic, including FTP and telnet will not be authenticated unless you configure it.</P></BODY></HTML> Sun, 04 Apr 2004 03:52:33 GMT https://community.cisco.com/t5/network-access-control/cisco-pix-local-http-authentication/m-p/230913#M434611 rmorrow 2004-04-04T03:52:33Z