aaa auth include tcp/10000 login issue

smartnet
Level 1

I'm trying to use the command

"aaa authentication include tcp/10000 10.6.1.3 255.255.255.255 0.0.0.0 0.0.0.0 AuthInbound"

The application behind this is browser based, so I'm trying to hit port 10000 with IE6, and not getting anything other than the message

"Authorization is required" page=

Port 80 works fine: I do get the expected dialog for username/password if I hit port 80 (which is the regular website for this server). Port tcp/10000 does not make my browser pop up the dialog, though...

What do I do to make the usual login dialog window appear on this aaa command?

This is critical for using any website on non-standard ports (which many administrative applications do).

thanks, Tim

3 Replies

gfullage
Cisco Employee

I'm surprised the PIX even allows you to put tcp/10000 in as the service type in that command. All it's really going to accept/interpret in this command is the keywords telnet, http, any or ftp.

What I would suggest is putting in "http" instead of "tcp/10000", because that's definitely not going to work. Then you have to tell the PIX that TCP port 10000 packets are HTTP, so use the command:

> fixup protocol http 10000

and see how that goes.

The idea I had was from this TAC case online:

http://www.cisco.com/warp/public/110/pix51.shtml#add_auth

the following line:

aaa authentication include tcp/49 inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Incoming

Not directly related, but hoped it would work...

I do happen to have

fixup protocol http 10000

in the PIX. What I don't have is the http version of auth.

The problem is that there are virtual servers on that box. I want to allow unrestricted access to port 80 with _no_ auth, but I do want to require auth on http sessions to port 10000.

Also, the PIX supports many other webservers on other IP addresses, so I'm restricted as to how I can do the global level commands.

I don't fully understand the ramifications of 'no fixup protocol http 80', which I guess would return port 80 connections to their normal non-filtered state.... but it would do it for all webservers on the entire PIX, not just that one server.

Ideas?

Tim

Further thoughts: I tried using the 'fixup protocol http 10000' with an aaa statement for http on the PIX.

What happened was that I got auth requirements on port 80, but not on port 10000 ... the PIX somehow assumed that since I'd said http, I must be talking about port 80... I removed the fixup for protocol http 80 and nothing changed (yes, I was doing write mem before testing..).