Solved

PIX 501 cut-through proxy

Posted on 2004-04-22
Last Modified: 2012-06-27
Hello, I have a PIX 501 and need what I would believe to be a very simple configuration (for someone that knows how to do it).

I am installing this small PIX at a small 15-client site.  The configuration needs to require that people enter a password to access the internet.

I was reading from the Syngress PIX book and am trying to get a handle on this.

Basically NO ONE is to get on the net without a password; we do not require user accounts, just a password.  HOWEVER, the server does need to access the internet without a password (SMTP, RDP).

Also, how will this work with one-to-one outside/in NATs for publishing servers?

Question by:Brent92663
 

Expert Comment

by:Tim Holman
ID: 10901200

Expert Comment

by:ambarishsen
ID: 10901411
For the internet password feature which you are looking for, the PIX cannot handle that by itself;
you need to deploy a 3rd-party server as a TACACS/RADIUS, for FTP/HTTP/Telnet,
and a static translation with an ACL is required for outside-to-inside access.

Thanks.

Expert Comment

by:Tim Holman
ID: 10906683
You can definitely do this with a local password setup on the PIX.
 

Author Comment

by:Brent92663
ID: 10939850
Hmmm, conflicting answers here... anyone have a definitive answer?  With anything to back it up?  I don't want to have to use a server external to the PIX.

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10940679
It's definitely possible, but not very well documented.  You can only do it with http, https, telnet and ftp.

These lines should do the trick...  ;)

aaa-server local protocol local
aaa authentication include http outbound 0 0 0 0 local
aaa authentication include https outbound 0 0 0 0 local
username tim_holman password <password>

Command ref for AAA commands on 6.3:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a0080104239.html

I don't have a PIX to play with at the moment, but this should be at least 99% correct!
0
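Added example, not part of the original thread: the accepted answer's local-database approach extended to the two open points in the question, exempting the server from the password prompt and publishing it through a one-to-one static. Assumed values: the interface names `inside` and `outside`, the `LOCAL` server tag as predefined on PIX 6.3, the constructed server address 192.168.1.10 with public address 203.0.113.10, the account name `internet`, and the ACL name `outside_in`.

```cisco
! Lines starting with "!" are annotations for the reader; do not paste them.
! All addresses and names below are constructed sample values.

! One shared account in the PIX local user database.
username internet password <password>

! Challenge every inside host on the services the PIX can proxy.
aaa authentication include http   inside 0 0 0 0 LOCAL
aaa authentication include https  inside 0 0 0 0 LOCAL
aaa authentication include ftp    inside 0 0 0 0 LOCAL
aaa authentication include telnet inside 0 0 0 0 LOCAL

! Exempt the server (192.168.1.10) from the prompt on those services.
aaa authentication exclude http   inside 192.168.1.10 255.255.255.255 0 0 LOCAL
aaa authentication exclude https  inside 192.168.1.10 255.255.255.255 0 0 LOCAL
aaa authentication exclude ftp    inside 192.168.1.10 255.255.255.255 0 0 LOCAL
aaa authentication exclude telnet inside 192.168.1.10 255.255.255.255 0 0 LOCAL

! One-to-one static for the published server, with an inbound ACL
! limited to the single service being published (SMTP here).
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq smtp
access-group outside_in in interface outside
```

Because the prompt applies only to the services listed in the accepted answer (http, https, telnet, ftp), the server's outbound SMTP and RDP are not challenged either way; the `exclude` lines cover its web, FTP and Telnet traffic. The `include` rules are bound to the inside interface, so connections arriving on the outside interface through the static are governed by `outside_in` rather than by the password prompt.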
