Authentication Proxy Configuration

[Figure: authentication proxy configuration. Labels: User, User, AAA server.]

Add an ACL to block inward traffic from the inside except from the AAA server.

Add an ACL to block inward traffic from the outside.

Outbound: Enable the authentication proxy to intercept inward HTTP traffic from the inside.

Inbound: Enable the authentication proxy to intercept inward HTTP traffic from the outside.

©2000, Cisco Systems.

Apply the authentication proxy in the inward direction at any interface on the router where you want per-user authentication and authorization. Applying the authentication proxy inward at an interface causes it to intercept a user's initial connection request before that request is subjected to any other processing by the firewall. If the user fails to authenticate with the AAA server, the connection request is dropped.

How you apply the authentication proxy depends on your security policy. For example, you can block all traffic through an interface, and enable the authentication proxy feature to require authentication and authorization for all user-initiated HTTP connections. Users are authorized for services only after successful authentication with the AAA server. The authentication proxy feature also allows you to use standard access lists to specify a host or group of hosts whose initial HTTP traffic triggers the proxy.
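The policy described above (block all traffic at an interface, then let the authentication proxy open per-user access after an HTTP login) could be configured as in the following IOS fragment. This is an added example, not configuration from the original page; the addresses, the rule name INSIDE_USERS, the ACL numbers, the interface and the use of TACACS+ are assumptions, and the shared secret is a placeholder.

```cisco
! Added example; addresses, names and ACL numbers are constructed placeholders.
! Assumed topology: inside LAN 192.0.2.0/24 on Ethernet0, router at 192.0.2.1,
! TACACS+ AAA server at 192.0.2.10 on the inside.

aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>

! The proxy presents its login page through the router's HTTP server.
ip http server
ip http authentication aaa

! Standard ACL: only hosts in this range trigger the proxy.
access-list 10 permit 192.0.2.0 0.0.0.255

! Per-user entries are removed after 60 idle minutes.
ip auth-proxy auth-cache-time 60
ip auth-proxy name INSIDE_USERS http list 10

! Inward ACL on the inside interface: only AAA replies to the router pass.
! Everything else is denied until a user authenticates.
access-list 105 permit tcp host 192.0.2.10 eq tacacs host 192.0.2.1
access-list 105 deny ip any any

interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 105 in
 ip auth-proxy INSIDE_USERS
```

Because the proxy intercepts the initial HTTP request before the interface ACL is evaluated, the final deny in ACL 105 does not stop users from reaching the login prompt; it only stops traffic from hosts that have not authenticated.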
