RSA Web Agent for IIS behind PIX 501 with NAT

Discussion in 'Cisco' started by ng01, Jun 8, 2006.

  1. ng01

    ng01 Guest

    I have Windows Server 2003 running IIS, and the RSA Web Agent
    installed, which talks successfully to an RSA Appliance. The IIS
    server and the RSA Appliance are both behind a PIX 501, and the PIX
    translates 3 public IP's to 3 private IP's, each of which is assigned
    to a different Web site in IIS. When I select one of the web sites and
    enable RSA Protection, from my internal network I can enter the URL or
    IP of the protected web site and have it properly redirected to the RSA
    Appliance, and when I authenticate, I get the web page, as expected.
    But when I enter the URL from an external source on the internet, I get
    the web page directly, without first being redirected to the RSA
    Appliance, as I should be. It appears as though the Web Agent isn't
    recognizing the correct IP when it is hit from the outside. Does
    anyone have any ideas or experience with this? Thanks very much.
    ng01, Jun 8, 2006
    1. Advertisements

  2. ng01


    Jun 6, 2006
    Likes Received:
    You need to configure cut through proxy feature in pix and integrate it with to authenticate with your RSA appliance.

    Is the server located in inside ? How are you trying to access the server ? Through public ip (natted ip) or private ip ?

    When you try from inside , i believe it does not hit the pix.

    The issue should be most likely in pix. Check ACL , NAT and AAA rules.
    keshav, Jun 25, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.