Authentication Proxy

When you configure the authentication proxy, you do not assign a direction on the interface because the proxy is always applied to the inbound path. The authentication proxy intercepts the packet before it reaches the inbound ACL. Consequently, an inbound ACL can block all traffic except traffic from the special servers or devices that need to communicate with the Cisco IOS Firewall.

The authentication proxy dynamically opens connections on the inbound ACL of the input interface where the proxy is enabled, as well as on the outbound ACL of the output interface where the packet exits. This allows the packet to leave the router and lets the firewall engine intercept the traffic and take control of it.
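
The following configuration is an added example, not taken from the original page: it shows a deny-all inbound ACL that permits only AAA server replies, with the proxy applied to the interface without a direction keyword. The rule name, ACL number, interface, addresses and the choice of TACACS+ as the AAA protocol are assumptions.

```cisco
! Constructed example: names, interface and addresses are assumptions.
! AAA server (TACACS+) at 192.0.2.10, router interface at 192.0.2.1.
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret-placeholder>
!
! The router's HTTP server presents the login page to users.
ip http server
ip http authentication aaa
!
! Authentication proxy rule triggered by HTTP connections.
ip auth-proxy name USERS-PXY http
!
! Inbound ACL: permit only TACACS+ replies from the AAA server to the
! router, then deny everything else. Entries for authenticated users
! are added to this ACL dynamically by the proxy.
access-list 105 permit tcp host 192.0.2.10 eq tacacs host 192.0.2.1
access-list 105 deny ip any any
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 105 in
 ! No in/out keyword: the proxy always applies to the inbound path.
 ip auth-proxy USERS-PXY
```

After a user authenticates, show ip auth-proxy cache lists the authenticated hosts and show ip access-lists 105 displays the dynamic entries alongside the static ones.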

