09-05-2003 07:41 AM - edited 02-21-2020 10:08 AM
PIX by default allows all the users behind the firewall to access the Internet. Is there any way to configure PIX to force users to authenticate against the PIX local username database (instead of TACACS+ and RADIUS) before accessing the Internet?
Thanks
09-05-2003 08:04 AM
Hi,
Unfortunately, the answer is no for using the local username database. I believe the only features that we can use the local database for are remote access like PPTP and IPSec client access. TACACS and RADIUS are the only options for outbound authentication. Sorry. You may want to talk to your local Cisco account team about a feature request if this is something you need/want.
Scott
09-05-2003 08:07 AM
Scott,
Could the local database work in conjunction with the Virtual HTTP command to get it to work?
Thanks
09-05-2003 08:24 AM
Actually, I think I misspoke earlier. After making the post, I went back and looked because I thought I remembered something being added recently that changed this. Turns out, you can use the local user database for cut-through proxy authentication in later code (6.2 and above). Just specify LOCAL in the "group_tag" parameter. See the following - http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#1111727
Sorry about that!
Scott