Here is the basic configuration for doing it on Routers
aaa new-model aaa authentication login default group radius aaa authorization auth-proxy default group radius ! ip port-map http port tcp 8080 ip http port 8080 ip http server ! ip admission name AUTH proxy http ! radius-server host 10.1.1.100 key ipexpert ! interface Fa0/0 ip admission AUTH Now from the interface initiate a connection to a server like so http://192.1.6.100:8080 It will intercept the connection on that port. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Bruno Sent: Tuesday, January 18, 2011 5:47 AM To: Vybhav Ramachandran Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Auth proxy + Cut thru proxy ? PORT XYZ !!! Hi guys, Keep in mind that I suggested a way to do on ASAs. It seems Tyson did for Routers. The listener command, on ASAs, DOES change the way user gets logged in. There is no pop-up window coming from browser. Instead you'll get a page different BUT the port can be any you want. On Tue, Jan 18, 2011 at 4:54 AM, Vybhav Ramachandran <[email protected]> wrote: Hello Kings, Tyson, That was exactly what i was looking at. I was looking to test sometime later today. And, i was under the impression that the "listener" command would redirect the user to a new login page...gotta try this out too. Cheers, TacACK _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
