05-27-2002 05:28 AM - edited 02-21-2020 10:00 AM
Hi ,
I've got a design question.
I've to set up a firewall solution for a company which is using some terminal servers for their users.
What I'm concerned about is how PIX would handle internet connections coming from the same internal IP address ( whose of the terminal server ) .
I need the PIX to askk for authentication for outgoing HTTP connections , but all the user will be seen as coming from the same IP address. I wonder if the PIX would prompt for authentication only at the first user connection.
Also I'd like to know if anyone has set up , and how , the authentication using Microsoft's WIN2000 embedded RADIUS server .
TIA
06-04-2002 05:54 AM
The PIX caches authentication information based on source IP address unless you set the timeout value to zero. Doing so, will require your users to re-authenticate constantly. I dont understand your setup enough to know how all your users will be coming from the same IP address and if so, how the return packets will route to the respective user properly regardless. I would suggest talking to a Cisco SE to propose a solution for you.
06-04-2002 06:08 AM
The users are working on a terminal server. Which means that it all the users share the same server tough the same IP
06-05-2002 07:03 PM
I hate to say it, but you will probably need to front-end your pix with a proxy server and point your IE app on your terminal servers to the proxy for authentication.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide