Can't make PIX authenticate

I'm trying to configure a Cisco PIX 506E. I've added a static translation rule for IP. Then I've added an access rule to the inside network over one port I need to use. Everything is working OK and I do connect through the PIX over that port. But when I add an Authentication rule with the LOCAL server to make the PIX ask for a user name and password when accessing a host in the inside network, the connection is not possible and no user name and password is ever required.

Please help me. What should I do?

Ivan Martinon
Rising star

I presume you are trying to use the Cut-Through-Proxy feature on this PIX. If this is the case, is this a standard TCP port like HTTP, HTTPS or TELNET? These are the only ports that work straightforwardly with the proper aaa setup. If you are using another service like RDP or so, you would need to use virtual configs like virtual telnet or virtual http. Check the link below:

Excuse me, maybe I did not explain very well. What I want to do is to perform a Remote Desktop Connection from the outside network to a specific host in the inside network, and to specify who can access that host in that way in the LOCAL PIX database with user names and passwords. So, it happens that when I create the static translation rule and an access rule to give access on the Remote Desktop port (3389), I do connect by Remote Desktop to the host in the inside network. But when I add an Authentication Rule, I am never asked for the user name or password and the connection is not possible any more. You said that this is not possible? I'm using PDM to configure the PIX.

You did explain well. This feature is called Cut-Through-Proxy, and it is supported straight through for HTTP, HTTPS and TELNET. For services such as RDP (port 3389) you need to use either virtual telnet or virtual http to make it even prompt for authentication. Please take a look at the link I sent you.
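
A configuration sketch of the virtual telnet approach described in the answers above, added here as an example and not taken from the thread or from Cisco's documentation. It assumes PIX 6.3 CLI syntax; every address, the user name and the ACL names `outside_in` and `auth_rdp` are constructed placeholders.

```text
: Constructed values (assumptions, not from the thread):
:   192.0.2.10 = outside address of the RDP host, 10.0.0.10 = its inside address
:   192.0.2.11 = otherwise unused outside address given to virtual telnet
: Local user database entry checked by the LOCAL server
username rdpuser password <password>
: Translation for the RDP host, plus an identity static for the virtual
: telnet address so inbound sessions to it are accepted
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.11 192.0.2.11 netmask 255.255.255.255 0 0
: Inbound access rule: only RDP to the host and telnet to the virtual address
access-list outside_in permit tcp any host 192.0.2.10 eq 3389
access-list outside_in permit tcp any host 192.0.2.11 eq telnet
access-group outside_in in interface outside
: Traffic that must be authenticated: the RDP flow (which cannot prompt by
: itself) and the telnet flow that supplies the prompt
access-list auth_rdp permit tcp any host 192.0.2.10 eq 3389
access-list auth_rdp permit tcp any host 192.0.2.11 eq telnet
aaa authentication match auth_rdp outside LOCAL
: The PIX answers telnet on this address and prompts for user name and password
virtual telnet 192.0.2.11
```

With this in place the user first telnets to the virtual address and logs in, then opens the Remote Desktop connection from the same source address before the authentication cache times out. The credentials cross the outside network in clear text over telnet, so restrict the source addresses in `outside_in` where they are known.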
