Authentication Proxy and the Cisco IOS Firewall

Authentication proxy is a feature that became available with Cisco IOS Software Release 12.0.5.T. Authentication proxy is compatible with the following Cisco IOS Software security features:

• Context-Based Access Control (CBAC): CBAC was discussed in great detail in Chapter 15, "Context-Based Access Control." If you configure authentication proxy to work with CBAC, you can create dynamic access control entries. If you do not configure authentication proxy with CBAC, you need to reference static access lists on the Cisco IOS Firewall.

• Network Address Translation (NAT): Enables you to translate internal addresses to external (normally public) addresses. If you are using authentication proxy on a firewall that is also performing NAT, you must also use CBAC to ensure that session translations do not conflict.

• IPsec encryption: Authentication proxy works transparently with IPsec encryption.

• VPN client software: Authentication proxy can be used for user authentication when creating a virtual private network (VPN) connection. This feature provides an additional level of security for administrators by authenticating the user before the encrypted connection is created.

• Cisco IOS Firewall Intrusion Detection System (IDS): Authentication proxy works transparently with Cisco IOS Firewall IDS.

