cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1387
Views
0
Helpful
3
Replies

PIX outbound user authentication

r.fang
Level 1
Level 1

PIX by default allow all the user behind the firewall to access Internet, Is they any way to configure PIX to force user to authenticate against PIX local username database ( Instead of TACACS+ and Radius), before accessing the Internet.

Thanks

3 Replies 3

scoclayton
Level 7
Level 7

Hi,

Unfortuantely, the answer is no for using the local username database. I believe the only features that we can use the local database for is remote access like PPTP and IPSec client access. Tacacs and Radius are the only options for outbound authentication. Sorry. You may want to talk to your local Cisco account team about a feature request if this is something you need/want.

Scott

Scott,

Could local database work in junction with Virtual HTTP command to get it works???

Thanks

Actually, I think I mis-spoke earlier. After making the post, I went back and looked becuase I thoughtr I remembered something being added recently that changed this. Turns out, you can use the Local user database for cut through proxy authentication in later code (6.2 and above). Just specify LOCAL in the "group_tag" parameter. See the following - http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727

Sorry about that!

Scott