I know that is what it states in the documentation but if you add the port-map command like I show below it will work on a non standard port.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Monday, January 17, 2011 10:12 PM
To: Tyson Scott
Cc: Bruno; [email protected]
Subject: Re: [OSL | CCIE_Security] Auth proxy + Cut thru proxy ? PORT XYZ !!!

Hi Tyson

Does Auth proxy work on non-standard port too? It didn't work for me.

Snippet from http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Restrictions for Configuring Authentication Proxy

- The authentication proxy triggers only on HTTP connections.
- HTTP services must be running on the standard (well-known) port, which is port 80 for HTTP.
- Client browsers must enable JavaScript for secure authentication.
- The authentication proxy access lists apply to traffic passing through the router. Traffic destined to the router is authenticated by the existing authentication methods provided by Cisco IOS software.
- The authentication proxy does not support concurrent usage; that is, if two users try to log in from the same host at the same time, authentication and authorization applies only to the user who first submits a valid username and password.
- Load balancing using multiple or different AAA servers is not supported.

With regards
Kings

On Tue, Jan 18, 2011 at 4:09 AM, Tyson Scott <[email protected]> wrote:

It is the secure-http-client command that changes the website. To listen on a non standard port for Auth-proxy

    ip port-map http port <new-port>

That is how you can run Auth-Proxy on a non-standard port.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP

From: [email protected] [mailto:[email protected]] On Behalf Of Bruno
Sent: Monday, January 17, 2011 5:46 AM
To: Kingsley Charles
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Auth proxy + Cut thru proxy ? PORT XYZ !!!

Hi guys

There is a feature on cut-through proxy on ASAs where you can change the default listener port either for http or https. It also changes the way cut-through proxy shows its message for authentication.

The command is:

    aaa authentication listener [http|https] INTERFACE [redirect] port XXXX

This command together with aaa authentication match makes the ASA's CT proxy feature listen on whatever port.

Do not forget to configure "aaa authentication secure-http-client" for https feature.

On Mon, Jan 17, 2011 at 10:46 AM, Kingsley Charles <[email protected]> wrote:

Comments inline

On Mon, Jan 17, 2011 at 4:37 PM, kamran shakil <[email protected]> wrote:

Well, I have 2 QUERIES, pretty straight, but I am finding some concerns in it:

1> In ROUTERS, can I use another port for HTTP AUTH PROXY rather than default 80 ?

Nope

2> In ASA > can I use another port for HTTP CUT-THRU PROXY rather than default ?

I don't think so.

regards,
Kamran.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
