Re: PIX http Authentication & Terminal server

scolombo · ‎05-27-2002

Hi ,

I've got a design question.

I've to set up a firewall solution for a company which is using some terminal servers for their users.

What I'm concerned about is how PIX would handle internet connections coming from the same internal IP address ( whose of the terminal server ) .

I need the PIX to askk for authentication for outgoing HTTP connections , but all the user will be seen as coming from the same IP address. I wonder if the PIX would prompt for authentication only at the first user connection.

Also I'd like to know if anyone has set up , and how , the authentication using Microsoft's WIN2000 embedded RADIUS server .

TIA

murabi · ‎06-04-2002

The PIX caches authentication information based on source IP address unless you set the timeout value to zero. Doing so, will require your users to re-authenticate constantly. I don’t understand your setup enough to know how all your users will be coming from the same IP address and if so, how the return packets will route to the respective user properly regardless. I would suggest talking to a Cisco SE to propose a solution for you.

scolombo · ‎06-04-2002

The users are working on a terminal server. Which means that it all the users share the same server tough the same IP

jcampbell · ‎06-05-2002

I hate to say it, but you will probably need to front-end your pix with a proxy server and point your IE app on your terminal servers to the proxy for authentication.