The Cisco IOS Firewall authentication proxy feature allows
network administrators to implement security policies on a per-user basis
through personalized ACLs. Without the firewall authentication proxy, user identity
and any authorized access were tied to a user’s IP address, so any single
security policy had to be applied to an entire user group or subnet. Now, users
can be identified and authorized on the basis of their per-user policy, and their
access privileges can be customized according to their individual access
profiles.
With the authentication proxy feature, users can log in to the
network or access the Internet via HTTP. Their specific access profiles are
automatically retrieved and applied from a Cisco Secure Access Control Server
(ACS), or another RADIUS or TACACS+ authentication server. The user profiles are
active only while there’s active traffic from the authenticated user.
The authentication proxy is supported on the latest IOS versions
(12.2) of the SOHO 70, 800, uBR900, 1720, 2600, 3600, 7100, 7200, and 7500
series routers. Earlier versions won’t support the feature on the smaller units
(SOHO 70 to 1720s). Authentication proxy is compatible with other Cisco IOS
security features, such as NAT, CBAC, IPSec encryption, and VPN client
software.
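The set-up the article describes, shown as an added configuration example that is not part of the original text: an IOS 12.2-style router configuration with a TACACS+ (ACS) server holding the per-user profile. The interface, addresses, ACL number, rule name and shared secret are constructed for illustration.

```cisco
! --- Router side (constructed example; adjust addresses, names and secret) ---
aaa new-model
! The HTTP log-in is authenticated, and the per-user auth-proxy profile
! is retrieved, from the TACACS+ server
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 10.0.0.5
tacacs-server key EXAMPLE-SHARED-SECRET
!
! The router's own HTTP server serves the log-in page; tie it to AAA
ip http server
ip http authentication aaa
!
! Remove a user's dynamic entries after 60 minutes with no traffic from that user
ip auth-proxy auth-cache-time 60
! Rule that intercepts HTTP from hosts that have not yet authenticated
ip auth-proxy name AUTHPROXY http
!
! User-facing interface: the static ACL denies everything inbound;
! per-user entries from the server profile are inserted dynamically
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 110 in
 ip auth-proxy AUTHPROXY
!
! Only the log-in request to the router itself is permitted statically
access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq www
access-list 110 deny ip any any
!
! --- TACACS+ (ACS) side: profile returned for the user on a successful log-in ---
! Attributes of the "auth-proxy" service; the router substitutes the
! authenticated host's address for the "any" source in each proxyacl entry
! service = auth-proxy
!   priv-lvl=15
!   proxyacl#1=permit tcp any any eq 80
!   proxyacl#2=permit tcp any any eq 443
!   proxyacl#3=permit udp any any eq 53
```

Until a user logs in, nothing but the log-in request passes the inside interface; note that the credentials on that log-in page travel in clear text over HTTP unless the router's HTTPS server (`ip http secure-server`, on releases that support it) is used instead.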