Port Redirection and Proxy Authentication

stephen.smithers · ‎09-27-2004

Has anyone managed to get proxy authentication to work correctly for HTTP when the port is redirected to another port. I have changed the basic fixup to include the new port and the authentication traffic acl uses this port but the PIX does not seem to make the association that this traffic is HTTP and does not provide the proxy authentication signon screen. If I change back to port 80 it works as expected.

Also does the proxy authentication service work with token based RADIUS authentication, doesn't appear to have the ability to handle pin changes or new tokencode requests.

Patrick Iseli · ‎09-30-2004

Take a look at this example configuration at the PIX example.

HTTP and FTP Proxy Caching Using a Cisco Cache Engine 550 and a PIX Firewall:

http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a008009460a.shtml

Here's is an explaination for the fixup http but I don't think this has something to do with your configuration.

fixup protocol http

The fixup protocol http command sets the port for Hypertext Transfer Protocol (HTTP) traffic application inspection. The default port for HTTP is 80.

Use the port option to change the default port assignments from 80. Use the port-port option to apply HTTP application inspection to a range of port numbers.

Note The no fixup protocol http command statement also disables the filter url command.

HTTP inspection performs several functions:

•URL logging of GET messages

•URL screening through N2H2 or Websense

•Java and ActiveX filtering

The latter two features must be configured in conjuction with the filter command.

SEE:http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1067379

sincerly

Patrick