ccie_security  

Re: [OSL | CCIE_Security] ACL and auth-proxy

waleed '
Thu, 09 Feb 2012 07:45:10 -0800

the question is why in the some examples for auth proxy we use access-list to 
deny any any from access ho http server 

Date: Thu, 9 Feb 2012 18:37:54 +0530
From: kingsley.char...@gmail.com
To: a....@live.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] ACL and auth-proxy

You need to apply the access-list to the interface.

With regards
Kings

On Thu, Feb 9, 2012 at 6:35 PM, HA Ali <a....@live.com> wrote:





Kings : 
       Even when there is no access-group define on the interface as explained 
in the doc cd ? ( following is the copy and paste from it ) 

Date: Thu, 9 Feb 2012 18:32:59 +0530
Subject: Re: [OSL | CCIE_Security] ACL and auth-proxy

From: kingsley.char...@gmail.com
To: a....@live.com
CC: ccie_security@onlinestudylist.com


sh access-list should show them.

With regards
Kings

On Thu, Feb 9, 2012 at 5:29 PM, HA Ali <a....@live.com> wrote:







While doing debugs I get following messages

*Mar  1 00:40:26.271: TAC+: Received Attribute "priv-lvl=15"
*Mar  1 00:40:26.271: TAC+: Received Attribute "proxyacl#1=permit tcp any any 
eq 80"


*Mar  1 00:40:26.275: TAC+: Received Attribute "proxyacl#2=permit icmp any any"
*Mar  1 00:40:26.275: AAA/AUTHOR (1909359833): Post authorization status = 
PASS_ADD


and on the client end i see authentication sucessful . But on router when i do 
show ip access-list or show access-list I dont see any ACL . I remember in ASA 
the command was show uauth to check that , is there any different command to 
check these dynamic ACLs I cant remember of at the moment . 



On IOS when i do show ip auth-proxy cache , i can see the client ip address and 
username .


                                          

_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

                                          



_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com