https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115292#M6084 <HTML><HEAD></HEAD><BODY><P>Actually, I think I mis-spoke earlier. After making the post, I went back and looked becuase I thoughtr I remembered something being added recently that changed this. Turns out, you can use the Local user database for cut through proxy authentication in later code (6.2 and above). Just specify LOCAL in the "group_tag" parameter. See the following - <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727</A></P><P></P><P>Sorry about that!</P><P></P><P>Scott</P></BODY></HTML> Fri, 05 Sep 2003 15:24:12 GMT scoclayton 2003-09-05T15:24:12Z https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115289#M6081 <P>PIX by default allow all the user behind the firewall to access Internet, Is they any way to configure PIX to force user to authenticate against PIX local username database ( Instead of TACACS+ and Radius), before accessing the Internet.</P><P></P><P>Thanks </P> Fri, 21 Feb 2020 18:08:15 GMT https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115289#M6081 r.fang 2020-02-21T18:08:15Z https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115290#M6082 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Unfortuantely, the answer is no for using the local username database. I believe the only features that we can use the local database for is remote access like PPTP and IPSec client access. Tacacs and Radius are the only options for outbound authentication. Sorry. You may want to talk to your local Cisco account team about a feature request if this is something you need/want.</P><P></P><P>Scott</P></BODY></HTML> Fri, 05 Sep 2003 15:04:06 GMT https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115290#M6082 scoclayton 2003-09-05T15:04:06Z https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115291#M6083 <HTML><HEAD></HEAD><BODY><P>Scott,</P><P></P><P>Could local database work in junction with Virtual HTTP command to get it works???</P><P>Thanks</P></BODY></HTML> Fri, 05 Sep 2003 15:07:43 GMT https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115291#M6083 r.fang 2003-09-05T15:07:43Z https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115292#M6084 <HTML><HEAD></HEAD><BODY><P>Actually, I think I mis-spoke earlier. After making the post, I went back and looked becuase I thoughtr I remembered something being added recently that changed this. Turns out, you can use the Local user database for cut through proxy authentication in later code (6.2 and above). Just specify LOCAL in the "group_tag" parameter. See the following - <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727</A></P><P></P><P>Sorry about that!</P><P></P><P>Scott</P></BODY></HTML> Fri, 05 Sep 2003 15:24:12 GMT https://community.cisco.com/t5/network-access-control/pix-outbound-user-authentication/m-p/115292#M6084 scoclayton 2003-09-05T15:24:12Z