Enable static translation with RADIUS authentication (PIX)

Discussion in 'Cisco' started by Javier, Apr 27, 2004.

  1. Javier

    Javier Guest

    Hi

    I need to create a static NAT to give access to one internal IP and port. I
    have a PIX 515.

    But I need the person who will access the public IP:port to
    authenticate with a RADIUS server first.

    Is this possible?

    Could you give me an example?

    Thanks in advance

    Javier
     
    Javier, Apr 27, 2004
    #1

  2. :I need to create a static NAT to give access to one internal IP and port. I
    :have a PIX 515

    :But I need the person who will access the public IP:port to
    :authenticate with a RADIUS server first

    :Is this possible?


    Please see
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1056043

    You should be able to use 'aaa authorization include' naming the particular
    service and host you want protected; users would be required to
    authenticate before being granted access.


    There are other possible approaches, including "downloadable ACLs", but
    I think aaa authorization include would probably be easier.
     
    Walter Roberson, Apr 27, 2004
    #2

  3. Javier

    Greg Gibson Guest

    I am trying to do the same thing: have the PIX authenticate
    hits to my terminal server.

    I am reading Cisco Guide to PIX Firewalls, and what I get
    from the AAA stuff is that to have the PIX (501 in my case)
    authenticate to a public IP:port I must be running an AAA server
    for the PIX to ask for authentication, etc.

    Is this true, or will the PIX authenticate to a local user
    database? It seems from a previous post that 6.3 will for
    VPN connections?

    Also, it says the PIX is compatible with Cisco ACS, Livingston
    and Merit. Searches on Google seem to suggest that people use
    others. I am looking for a free one, if I need one at all.

    Thanks,
    Greg
     
    Greg Gibson, Apr 30, 2004
    #3