PIXOS 6.3 - cutthrough proxy auth

Hi, can you do cut-through proxy auth from the outside interface to a DMZ, or likewise?

regards Martin

Reply to
Martin Bilgrav

Hi Martin,

I assume that you mean to something like a WWW server sat on the DMZ. If I'm wrong, my apologies.

I was looking at my CSPFA book. It says under Cut Through Proxy:

'A typical design for this technology is a user on the Internet accessing an HTTP server on a company DMZ'

Frustratingly, there is no example I can give you other than to point you in the direction of the Cisco WWW site. No doubt someone more knowledgeable will be able to offer more; however, I would guess you just need to allow access via the global IP, perhaps something like:

aaa-server MYSERVER protocol tacacs+ / radius etc
aaa-server MYSERVER (inside) host xxx.xxx.xxx.xxx secretkey timeout 10

Then the authentication service (HTTP, Telnet, FTP or any) - I'll assume any. So.....

aaa authentication include any inbound 0 0 global_ip_of_DMZ_server/mask MYSERVER

Make sure that you have your static for (DMZ, outside) and your access-list allowing traffic from the outside in.

If that doesn't do it, try substituting global_ip_of_DMZ_server with 0 0 to represent any destination.

HTH.

Regards

Darren

Reply to
Darren Green
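
The pieces Darren lists, put together as one PIX 6.3 configuration for an HTTP server on the DMZ (an added example, not from the thread or from Cisco documentation). The addresses, the interface name dmz and the ACL name acl_out are constructed; narrowing the service to http, using the interface-name form in place of the inbound keyword, and giving the server's global address as the first address pair are assumptions to confirm in the lab. Lines starting with ":" are annotations for the reader, not commands.

```cisco
: Constructed addresses: 192.0.2.10 = global (outside) address of the web server,
: 172.16.1.10 = its real DMZ address, 10.0.0.5 = AAA server on the inside.

: 1. Publish the DMZ server on the outside interface.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255

: 2. Permit only HTTP from the outside to the published address.
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-group acl_out in interface outside

: 3. Define the AAA server group and the server itself (secretkey is a placeholder).
aaa-server MYSERVER protocol tacacs+
aaa-server MYSERVER (inside) host 10.0.0.5 secretkey timeout 10

: 4. Require authentication for HTTP arriving on the outside interface
:    and destined for the published server, from any source (0 0).
aaa authentication include http outside 192.0.2.10 255.255.255.255 0 0 MYSERVER

: 5. After a test login from the outside, list the authenticated users.
show uauth
```

If the test connection reaches the server without a login prompt, the aaa authentication line is not matching the traffic, and the address pair is the first thing to check.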

Hiya,

Correct!

Sounds just like what I need.

I have set up several Inside to outside auth, using PIX (Wireless hotspots etc.). But I just wondered if the PIX, by design or something, can do this the outside and inbound. But the text you have quoted sure sounds like it's doable.

So I guess I will give it a try in the Lab.

Thx for your input.

/Martin

Reply to
Martin Bilgrav
