Hi,

I am trying to configure web authentication in a Cisco Router ISR 4351 with and updated rommon and Denali 16.3.1 on it. I am used to the former "ip auth-proxy" way to configure this so I don't know if I am missing something. We use a Radius server and the configuration we have at this moment is something like this:

aaa new-model
!
!
aaa authentication login default local group radius
aaa authentication login company local group radius
aaa authentication ppp default local
aaa authentication ppp company local
aaa authorization exec default local group radius
aaa authorization network default none
aaa authorization network company none
aaa authorization auth-proxy default group radius
aaa authorization reverse-access default none
aaa authorization reverse-access company none

!
!
!
!
!
!
aaa session-id common

ip admission auth-proxy-banner http ^CCSecurity Banner^C
ip admission inactivity-timer 120
ip admission absolute-timer 360
ip admission name auth_rad proxy http inactivity-time 120 list 132

And, in the proper interface:

interface GigabitEthernet0/0/2
 description LAN connection
 ip address x.x.x.x 255.255.0.0
 ip broadcast-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip directed-broadcast
 ip nat inside
 ip route-cache policy
 ip access-group 126 in
 ip tcp adjust-mss 1360
 delay 10
 negotiation auto
 h323-gateway voip interface
 h323-gateway voip bind srcaddr x.x.x.x
 ip admission auth_rad

Where the ACL 126 is our standard ACL for inside interfaces from the LAN.

In this scenario, the web page for authentication does not appear in any case and I don't know the reason.

I have tried this same configuration in another cisco router 1921/k9 and IOS 15.2(4)M6 and it's working perfectly, so I guess that maybe is some Denali related configuration problem?

Thanks in advance.