Hi Tyson,

Does Auth proxy work on non-standard port too? It didn't work for me.

Snippet from http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Restrictions for Configuring Authentication Proxy

• The authentication proxy triggers only on HTTP connections.
• HTTP services must be running on the standard (well-known) port, which is port 80 for HTTP.
• Client browsers must enable JavaScript for secure authentication.
• The authentication proxy access lists apply to traffic passing through the router. Traffic destined to the router is authenticated by the existing authentication methods provided by Cisco IOS software.
• The authentication proxy does not support concurrent usage; that is, if two users try to log in from the same host at the same time, authentication and authorization applies only to the user who first submits a valid username and password.
• Load balancing using multiple or different AAA servers is not supported.

With regards
Kings

On Tue, Jan 18, 2011 at 4:09 AM, Tyson Scott <[email protected]> wrote:

> It is the secure-http-client command that changes the website.
>
> To listen on a non standard port for Auth-proxy
>
> ip port-map http port <new-port>
>
> That is how you can run Auth-Proxy on a non-standard port.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Bruno
> *Sent:* Monday, January 17, 2011 5:46 AM
> *To:* Kingsley Charles
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] Auth proxy + Cut thru proxy ? PORT XYZ !!!
>
> Hi guys
>
> There is a feature on cut-through proxy on ASAs where you can change the
> default listener port either for http or https. It also changes the way
> cut-through proxy shows its message for authentication
>
> The command is:
>
> aaa authentication listener [http|https] INTERFACE [redirect] port XXXX
>
> This command together with aaa authentication match makes the ASA's CT
> proxy feature listener whatever port.
>
> Do not forget to configure "aaa authentication secure-http-client" for
> https feature.
>
> On Mon, Jan 17, 2011 at 10:46 AM, Kingsley Charles <[email protected]> wrote:
>
> Comments inline
>
> On Mon, Jan 17, 2011 at 4:37 PM, kamran shakil <[email protected]> wrote:
>
> Well,
> I have 2 QUERIES, pretty straight, but I am finding some concerns in it:
>
> 1> In ROUTERS, can I use another port for HTTP AUTH PROXY rather than
> default 80 ?
>
> Nope
>
> 2> In ASA can I use another port for HTTP CUT-THRU PROXY rather than
> default ?
>
> I don't think so.
>
> regards,
> Kamran.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
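
An added example, not part of the original thread: a small Python audit that reads a saved configuration and reports which ports the commands named above (`ip port-map http port`, `aaa authentication listener`, `aaa authentication secure-http-client`) put in play. The sample configurations, ACL and server-group names, and function names are constructed for illustration; the parser accepts `port` and `redirect` in either order, and the default listener ports of 80 and 443 are an assumption of this example.

```python
import re

# Constructed sample configs (not from the thread) using the commands it names.
IOS_SAMPLE = """\
ip http server
ip auth-proxy name APRULE http
ip port-map http port 8080
"""
ASA_SAMPLE = """\
aaa authentication match AUTH_ACL inside TACACS_GRP
aaa authentication listener https inside port 8443 redirect
aaa authentication listener http inside redirect port 8081
"""

PORT_MAP = re.compile(r"^ip port-map http port (?:tcp )?(\d+)\s*$", re.M)
LISTENER = re.compile(
    r"^aaa authentication listener (https?) (\S+)((?: redirect| port \d+)*)\s*$", re.M)
DEFAULT_PORT = {"http": 80, "https": 443}  # assumed defaults when no port is given


def ios_http_ports(config):
    """Ports IOS treats as HTTP: 80 plus every 'ip port-map http port' entry."""
    return sorted({80} | {int(p) for p in PORT_MAP.findall(config)})


def asa_listeners(config):
    """Return (protocol, interface, port, redirect) for each ASA listener line."""
    found = []
    for proto, iface, opts in LISTENER.findall(config):
        port = re.search(r"port (\d+)", opts)
        found.append((proto, iface,
                      int(port.group(1)) if port else DEFAULT_PORT[proto],
                      "redirect" in opts))
    return found


def asa_findings(config):
    """Flag an https listener that lacks 'aaa authentication secure-http-client'."""
    has_https = any(entry[0] == "https" for entry in asa_listeners(config))
    secure = re.search(r"^aaa authentication secure-http-client\s*$", config, re.M)
    if has_https and not secure:
        return ["https listener configured without aaa authentication secure-http-client"]
    return []


if __name__ == "__main__":
    print(ios_http_ports(IOS_SAMPLE), asa_listeners(ASA_SAMPLE), asa_findings(ASA_SAMPLE))
```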
