11-24-2009 05:34 AM - edited 03-10-2019 04:48 PM
I have the following scenario: I need to set up a transparent firewall using a Cisco 1841 router with 2 Fast Ethernet interfaces with IOS version 12.4(15)T9 Advanced Security. The project also calls for authenticating users using the ip auth-proxy feature. The users should use https to connect to an internal server. The IP addresses of the users are dynamic (i.e. they may authenticate from the Internet). I have successfully set up the ip auth-proxy feature using an external ACS server using TACACS+. However, I want to use the AAA local server feature in order to implement this project instead of using an external AAA server.
The question is how to configure the local AAA attributes in order to have the same functionality as when using an external AAA server (i.e. dynamic proxy ACL entries permitting specific IP addresses and protocols) without using one (i.e. using only the local AAA server feature of Cisco IOS).
11-25-2009 05:01 AM
AFAIK, the auth-proxy feature is only supported using an external AAA. If you need to use the local database, you have to look at the lock-n-key feature, please see these links:
Regards
Farrukh
11-25-2009 05:22 AM
You probably did not understand that I want to use the authentication proxy feature. I don't want to use lock-and-key.
11-27-2009 09:46 AM
Check out the table on the first link comparing auth-proxy and lock-n-key; it clearly states that local authentication is not supported with auth-proxy. This is from Cisco, not me.
11-30-2009 12:39 AM
I know about that. But Cisco also states that the Local AAA server can be used instead of an external AAA server. So, stop posting unless you have a solution to my problem.