From: Fabrice Bobes (study@6colabs.com)
Date: Sat Jun 14 2003 - 18:18:23 GMT-3
Dmitry,
I completely agree with you. I don't see the point of enabling http
server on the auth-proxy router. It's working fine without.
The sample and doc on CCO are misleading but maybe the implementation of
auth-proxy changed since 12.0.5T.
When you test auth-proxy, you shouldn't direct your browser to
http://ip-of-auth-proxy-router. Auth-proxy kicks in when an http request
is made through the router, not to the router.
I was checking the 12.3 doc where ftp and telnet auth-proxy have been
added. There is no requirement to enable ftp on your router for example
and I think it confirms that we don't need to enable http either when
doing auth-proxy for http.
Thanks,
Fabrice
http://www.6colabs.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Volkov, Dmitry (IDS Canada)
Sent: Monday, June 09, 2003 2:18 PM
To: 'ccielab@groupstudy.com'
Cc: 'security@groupstudy.com'
Subject: IOS auth-proxy
What is the proper way to configure auth-proxy ?
Here said:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/
secu
r_c/scprt3/scdauthp.htm#1001219
that "Configuring the HTTP Server is required task"
However It looks like it's not necessary at all.
Whenever I open browser from within inside with some
http://IP-routed-behind-the-router-with-auth-proxy-configured,
I always get proper auth-proxy login prompt (assuming that I configured
auth-proxy itself) doesn't matter if I have http server enabled or not.
If I open browser with http://ip-of-auth-proxy-router I get either "The
page
cannot be displayed" or, if I have "ip http server" enabled,
I get "Cisco level 15 prompt"
So what is the point (if any) to configure http server on the router
where
auth-proxy is enabled ??
Thanks,
Dmitry Volkov
CCIE # 10292
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:58 GMT-3