PIX 501 RADIUS authentication problem

cdonner64
Level 1

I am trying to configure my Pix 501 to authenticate incoming HTTP traffic on port 8081 through RADIUS.

I thought that

aaa authentication include tcp/8081 outside 10.10.1.109 255.255.255.255 0.0.0.0 0.0.0.0 smsradius

should do the trick, but I don't get the prompt.

When I change this command to 'inside', it works and inside HTTP requests get challenged. So I assume that my command is correct.

I was wondering if this is because the Pix is trying to authenticate the client using port 80 and not 8081. Port 80 would be blocked by my provider.

How does the challenge work, technically? Do I have to configure something else?

This is what I see in the log:

Authorization denied from 24.34.193.190/1065 to 10.10.2.2/8081 (not authenticated) on interface outside

Thanks.

2 Replies

jmia
Level 7

Christian,

You may find the following document helpful for your situation:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800941ae.shtml

Let me know if this helps

Jay

Jay,

Thanks for pointing me to this document which I had already seen. The document does not mention it, but HTTP authentication only works on ports 80 or 8080.

(see <http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd64254/123#selected_message>)

I changed the port to 8080 and it started to work.

c.
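
Added example, not part of the thread and not Cisco code: a small log triage script that finds the "not authenticated" denials quoted in the original post and groups them by destination service, flagging those on ports other than the two the last reply reports as working. The port set is taken from that reply as an assumption; the function names and all log lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Ports on which the thread's last reply reports the HTTP auth prompt works.
# Assumption taken from that reply, not from vendor documentation.
PROMPT_PORTS = {80, 8080}

# Matches the message text quoted in the original post; anything a syslog
# server prepends before "Authorization denied" is ignored.
DENIED = re.compile(
    r"Authorization denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"\(not authenticated\) on interface (?P<iface>\S+)"
)

def parse_denials(lines):
    """Return one dict per 'not authenticated' denial found in lines."""
    events = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            ev = m.groupdict()
            ev["sport"] = int(ev["sport"])
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def unprompted_services(events):
    """Count denials per (interface, dst, dport) where dport is outside PROMPT_PORTS."""
    counts = Counter(
        (e["iface"], e["dst"], e["dport"])
        for e in events
        if e["dport"] not in PROMPT_PORTS
    )
    return counts.most_common()

# First line is the one from the post; the rest are constructed samples.
SAMPLE_LOG = [
    "Authorization denied from 24.34.193.190/1065 to 10.10.2.2/8081 (not authenticated) on interface outside",
    "Authorization denied from 192.0.2.10/40112 to 10.10.2.2/8081 (not authenticated) on interface outside",
    "Authorization denied from 192.0.2.10/40113 to 10.10.2.2/8080 (not authenticated) on interface outside",
    "constructed unrelated line: interface outside link up",
]

if __name__ == "__main__":
    for (iface, dst, dport), n in unprompted_services(parse_denials(SAMPLE_LOG)):
        print(f"{n} denial(s) on {iface} to {dst}:{dport}, port not in {sorted(PROMPT_PORTS)}")
```

A service that appears in this output is being denied without the user ever seeing a prompt, which matches the symptom in the original post.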