From: Szabo, Vilmos (VS183600@exchange.UnitedKingdom.NCR.COM)
Date: Thu Jun 12 2003 - 08:39:33 GMT-3
Dmitry,
Do you say on auth-proxy router with 'no ip http server' still you can
invoke the authentication prompt?
My test is following:
'ip http server' -> auth-proxy window invoked
'no ip http server' -> auth-proxy window not invoked
Could you clarify this?
P.S. from IOS 12.3(1) auth-proxy can be used via telnet and ftp as well.
Regards,
Vilmos
-----Original Message-----
From: Volkov, Dmitry (IDS Canada) [mailto:dmitry_volkov@ca.ml.com]
Sent: 09 June 2003 22:18
To: 'ccielab@groupstudy.com'
Cc: 'security@groupstudy.com'
Subject: IOS auth-proxy
What is the proper way to configure auth-proxy ?
Here said:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu
r_c/scprt3/scdauthp.htm#1001219
that "Configuring the HTTP Server is required task"
However It looks like it's not necessary at all.
Whenever I open browser from within inside with some
http://IP-routed-behind-the-router-with-auth-proxy-configured,
I always get proper auth-proxy login prompt (assuming that I configured
auth-proxy itself) doesn't matter if I have http server enabled or not.
If I open browser with http://ip-of-auth-proxy-router I get either "The page
cannot be displayed" or, if I have "ip http server" enabled,
I get "Cisco level 15 prompt"
So what is the point (if any) to configure http server on the router where
auth-proxy is enabled ??
Thanks,
Dmitry Volkov
CCIE # 10292
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3