Header

Sections

Syndication

Blogroll:

||||| ALL Cisco-Network ARTICLES |||||
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Applying the Authentication Proxy

Email to a friend email

email

Print version print

print

Applying the Authentication Proxy

Sep 16,2009 by alperen

small font

medium font

large font

Applying the Authentication Proxy

Figure 8-3 shows a simple authentication proxy implementation where a single connection exists to the local, protected network and a serial connection exists to the Internet via an Internet service provider (ISP). Access control lists are applied inbound on both interfaces to block all incoming traffic. The lone exception is this: an opening must be created that allows the AAA server to communicate with the firewall router.

Click To expand

Figure 8-3: Simple network implementation for authentication proxy

One strategy is to apply the authentication proxy in the inbound direction for any router interface for which per-user authentication and authorization is required. By applying the authentication proxy inbound, all user connection requests are intercepted before they’re processed by any IOS or firewall features. If the user authentication attempt fails, the connection request is dropped.

The authentication proxy feature supports using a standard access list to specify a particular host or group of hosts whose initial HTTP traffic triggers the proxy. How the authentication proxy will be applied should be driven by the organization security policy.

141 times read

Related news

» Cisco IOS Firewall Authentication Proxy
by alperen posted on Sep 16,2009
» Cisco IOS Firewall Authentication Proxy Review
by alperen posted on Sep 22,2009
» access-list cisco Authentication Proxy
by alperen posted on Jul 26,2009
» Security Vulnerability Issues
by alperen posted on Sep 16,2009
» The auth-proxy Interface Configuration
by alperen posted on Sep 19,2009

Did you enjoy this article?

(total 0 votes)

comment

Comments (0 posted)

More Top News

CCSP-Cisco Certified Security Professional

Cisco SAFE Implementation

Preparation Documents

Skills Required for the Exam

Cisco SAFE Implementation Questions and Answers

Access Control Lists Cisco

Access List Basics

Standard Access Lists

Extended Access Lists

TCP Access Lists

UDP Access Lists

ICMP Access Lists

Named Access Lists

Signature and Alarm Management Review

Signature and Alarm Management Review Questions and Answers

Managing Alarms

Event Viewer Customization

Preference Settings

Sensor Installation

Connecting to Your Network Sensor Appliance

Sensor Bootstrap

Sensor Installation and Configuration Review

Sensor Installation and Configuration Questions and Answers

Signature and Alarm Management

CIDS Signatures

Signature Series

Signature Implementations

Signature Classes

Signature Types

Signature Severity

Most Popular

Privilege Levels

Managing the Router's ARP Cache

Configuring SIP on a Cisco Router

IDS Signatures Grouped by Software Release Version

Most Commented

Exploring the Navigation Bar

Site Qualification Test (SQT)

PDAs as Diagnostic Tools

Featured Author

alperen