Great, what is the image version on R9? Seems IOS proxy on non-80 port is working on that image.
And as far as I know, IOS http server can listen to a single port at a time. Hence, I think you can't make auth-proxy work on 80 and 8080 simultaneously.

With regards
Kings

On Sun, Jul 24, 2011 at 10:11 AM, Adil Pasha <[email protected]> wrote:

> Jim / Kingsley,
> Thank you so much for the suggestions.
> Yes, it is working now for port redirection.
>
> My topology is Desktop ----> R9 (auth-proxy + port-mapping for http 80 to
> 8080) ------> R2 (http on port 8080)
>
> Now the only thing is that if I initiate a session on http://10.12.12.12 which
> is port 80 the connection fails completely. Is there a way to setup
> the IOS auth-proxy that either ports 80 or 8080 can work and the traffic
> will go to the destination http server on port 8080?
>
> ---------------------------------------------------------
> Here is the working configuration:
>
> *ACS configuration for the user:*
>
> priv-lvl=15
> proxyacl#1=permit tcp any any eq 8080 <<<<<<< This is the command that Kingsley and Jim suggested to use and made the port redirection work. >>>>>>>>>>
>
> *R9 auth-proxy configuration:*
> aaa authentication login default group tacacs+ local
> aaa authentication login noAAA none
> aaa authorization auth-proxy default group tacacs+ local
> aaa accounting auth-proxy default
>  action-type start-stop
> !
> ip auth-proxy auth-proxy-banner http ^C
> please enter your username and password
> ^C
> ip auth-proxy name cisco http inactivity-time 60
> ip admission auth-proxy-banner http ^C
> please enter your username and password
> ^C
> !
> ip port-map http port tcp 8080
> !
> interface GigabitEthernet0/0
>  ip address 10.10.10.9 255.255.255.0
>  ip auth-proxy cisco
>  duplex auto
>  speed auto
> !
> ip http port 8080 <<<<<<< This is the command that Kingsley and Jim suggested to use and made the port redirection work. >>>>>>>>>>
> ip http server
> ip http access-class 61
> ip http authentication aaa
> access-list 61 deny any
> !
>
> *R2 http server configuration:*
> ip http server
> ip http port 8080
>
> Best Regards.
> ______________________
> Adil
>
> On Jul 23, 2011, at 10:41 PM, Kingsley Charles wrote:
>
> In your case, R9 intercepts http requests on port 80 while the http
> request for R2 is on 8080, so auth-proxy will not work.
>
> On R9, configure http port for 8080 and then configure PAM entry for 8080.
>
> Also in the Auth-Proxy, change the ACE to permit port 8080, if you have a
> restrictive ACL on the interface doing auth-proxy.
>
> proxyacl#1=permit tcp any any eq 8080
>
> Auth-proxy on port other than 80 might not work.
>
> Try your luck and see if it's working.
>
> With regards
> Kings
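Added example, not part of the original thread: a small Python check that the three settings discussed above (`ip http port`, the PAM `ip port-map http` entry, and the downloaded `proxyacl` ACE) agree on one port. The function name, the sample strings and the rule set are assumptions built from the configuration quoted in this thread, not a Cisco tool; it assumes the built-in PAM mapping of http to TCP 80.

```python
import re

# Constructed sample, modelled on the R9 configuration quoted in the thread.
SAMPLE_R9 = """\
ip auth-proxy name cisco http inactivity-time 60
ip port-map http port tcp 8080
interface GigabitEthernet0/0
 ip auth-proxy cisco
ip http port 8080
ip http server
"""
# Constructed sample of the per-user attribute returned by ACS.
SAMPLE_PROXYACL = ["proxyacl#1=permit tcp any any eq 8080"]


def check_auth_proxy_ports(config, proxyacls):
    """Hypothetical helper: return findings; an empty list means the ports line up."""
    findings = []
    # The IOS HTTP server listens on 80 unless 'ip http port' overrides it.
    m = re.search(r"^\s*ip http port (\d+)\s*$", config, re.M)
    http_port = int(m.group(1)) if m else 80
    # Port 80 is the built-in PAM mapping for http; other ports need 'ip port-map'.
    pam_ports = {80} | {int(p) for p in re.findall(
        r"^\s*ip port-map http port tcp (\d+)", config, re.M)}
    if not re.search(r"^\s*ip http server\s*$", config, re.M):
        findings.append("ip http server is not enabled")
    if http_port not in pam_ports:
        findings.append(f"no PAM http entry for port {http_port}")
    # Compare each downloaded ACE that names a port with 'eq' to http_port.
    acl_ports = set()
    for ace in proxyacls:
        m = re.match(r"proxyacl#\d+=permit tcp any any(?: eq (\d+))?\s*$", ace)
        if not m:
            findings.append(f"unparsed ACE: {ace}")
        elif m.group(1):
            acl_ports.add(int(m.group(1)))
        else:
            acl_ports.add(None)  # no 'eq': the ACE permits every TCP port
    if None not in acl_ports and http_port not in acl_ports:
        findings.append(f"no proxyacl ACE permits tcp port {http_port}")
    return findings


if __name__ == "__main__":
    print(check_auth_proxy_ports(SAMPLE_R9, SAMPLE_PROXYACL) or "consistent")
```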
