Hi, can you do cut-through proxy auth from the outside interface to a DMZ, or likewise?
regards Martin
Hi Martin,
I assume that you mean to something like a WWW server sat on the DMZ. If I'm wrong, my apologies.
I was looking at my CSPFA book. It says under Cut Through Proxy:
'A typical design for this technology is a user on the Internet accessing an HTTP server on a company DMZ'
Frustratingly, there is no example I can give you other than to point you in the direction of the Cisco WWW site. No doubt someone more knowledgeable will be able to offer more; however, I would guess you just need to allow access via the global IP, perhaps something like:
aaa-server MYSERVER protocol tacacs+ / radius etc
aaa-server MYSERVER (inside) host xxx.xxx.xxx.xxx secretkey timeout 10
Then the authentication service (HTTP, Telnet, FTP or any) - I'll assume any. So.....
aaa authentication include any inbound 0 0 global_ip_of_DMZ_server/mask MYSERVER
Make sure that you have your static for (DMZ, outside) and your access-list allowing traffic from the outside in.
If that doesn't do it, try substituting global_ip_of_DMZ_server with 0 0 to represent any destination. HTH.
Regards
Darren
Hiya,
Correct!
Sounds just like what I need.
I have set up several inside-to-outside auth, using PIX (wireless hotspots etc.), but I just wondered if the PIX, by design or something, can do this from the outside and inbound. But the text you have quoted sure sounds like it's doable.
So I guess I will give it a try in the lab.
Thx for your input.
/Martin