08-01-2003 08:05 AM - edited 03-10-2019 07:25 AM
Hi,
I am trying to authenticate inbound http users to a pix, but with users navigating in their browsers on a port other than 80. The port is in the fixup http list, but the following command does not work :
aaa authentication include http outside 192.168.0.1 255.255.255.0 0 0 authserv
this command works for port 80 but if I try it for another port it does not work.
If I try
aaa authentication include http/8080 outside 192.168.0.1 255.255.255.0 0 0 authserv
it obviously does not work because it has not been thought this way and
aaa authentication include tcp/8080 outside 192.168.0.1 255.255.255.0 0 0 authserv
freezes the browser, like if it does not connect. So I am thinking that the aaa authenticate command should take into consideration the TCP ports mentionned in the fixup protocol list. Or am I missing something ?
Thanks for any input !
Olivier
08-03-2003 10:09 PM
You shouldn't need any fixup protocol to enable users to access http 8080.
Your problem seems more on the user profile on the authserv... have you configured correct user profile to allow users on TCP/8080...
the correct command on PIX would be;
aaa authentication include tcp/8080 outside 192.168.0.1 255.255.255.0 0 0 authserv
and not;
aaa authentication include http/8080 outside 192.168.0.1 255.255.255.0 0 0 authserv
R/Yusuf
08-04-2003 06:51 AM
The problem is not to enable straight user access to http on port 8080, but rather to authenticate users using the same aaa mecanism but on port 8080 instead of port 80 as when :
aaa authenticate include http outside 192.168.0.1 255.255.255.255 0 0 authserv
but that the "http" keyword takes any http port session that is identified on the fixup list, otherwise I don't really see how it can guess that there is http traffic on another port. It would have to open every packet looking for http traffic..
Or have a command such as the one I suggested with http/port# could help but this command is not there...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide