Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your SNRS exam, a well-prepared candidate should at a minimum know all the details in each "Foundation Summary" before going to take the exam.

Authentication proxy facilitates communication between the Cisco IOS Firewall and a AAA server. This communication enables administrators to restrict access to resources down to the individual "authenticated" user level. Authentication proxy requires you to configure both the Cisco IOS Firewall and the AAA server. Configuring the Cisco IOS Firewall requires four tasks:

1. Configure AAA.

2. Configure the HTTP server.

3. Configure authentication proxy.

4. Verify the authentication proxy configuration.
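The four tasks above map to Cisco IOS commands roughly as follows. This is an added example, not taken from the book: it assumes a TACACS+ server, and the addresses, key placeholder, ACL number, interface and rule name `APRULE` are constructed for illustration.

```cisco
! Constructed example: 10.0.0.10 (AAA server), 10.0.0.1 (router interface),
! ACL 111, FastEthernet0/0 and the rule name APRULE are all placeholders.
!
! Task 1: configure AAA
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 10.0.0.10
tacacs-server key <shared-secret>
!
! Input ACL: permit the AAA server's TACACS+ replies to the router and
! deny everything else until a user authenticates through the proxy.
access-list 111 permit tcp host 10.0.0.10 eq tacacs host 10.0.0.1
access-list 111 deny ip any any
!
! Task 2: configure the HTTP server and have it use AAA for login
ip http server
ip http authentication aaa
!
! Task 3: configure authentication proxy
! Define a named rule for HTTP, then apply it to the interface on which
! the user requests arrive. Because the service is not bidirectional,
! the other direction needs its own rule on the opposite interface.
ip auth-proxy name APRULE http
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip access-group 111 in
 ip auth-proxy APRULE
!
end
!
! Task 4: verify the configuration and the active user entries (exec mode)
show ip auth-proxy configuration
show ip auth-proxy cache
```

Replace `tacacs+` with `radius` and the `tacacs-server` lines with their `radius-server` equivalents when Cisco Secure ACS is set up as a RADIUS server.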

The following three primary tasks are required to configure the Cisco Secure ACS as a TACACS+ or RADIUS server:

• Network configuration

• Interface configuration

• Authentication proxy configuration

Authentication proxy is not a bidirectional service. You must configure authentication proxy to respond to requests from internal or external sources. If you need to configure authentication proxy to function in both directions, you must create an inbound configuration and an outbound configuration.

It is important to understand the limitations of authentication proxy to ensure that the correct solution is designed to fulfill the business requirement. Limitations of authentication proxy include the following:

• Authentication proxy only supports HTTP and HTTPS on standard ports (80 and 443).

• Authentication proxy requires that the client browser be configured to support JavaScript to perform secure authentication.

• Authentication proxy does not support access directly to the Cisco IOS Firewall.

• Only a single user account can be logged on at a time. Authentication proxy does not support concurrent usage.

• Authentication proxy can only be configured to a single AAA server or server type.

