Securing Cisco IOS Networks Study Guide - Carl Timm.pdf

Chapter 6 Cisco IOS Firewall Authentication and Intrusion Detection

Lab_B(config)#ip http authentication ?
  aaa     Use AAA access control methods
  enable  Use enable passwords
  local   Use local username and passwords
  path    Set base path for HTML
  tacacs  Use tacacs to authorize user
Lab_B(config)#ip http authentication aaa
Lab_B(config)#^Z
Lab_B#

Sweet! Now that Lab B’s AAA configuration is complete, the foundation is in place for the IOS Firewall Authentication Proxy configuration. If you need a bit of a break, now’s a great time to take one.

Configuring the Authentication Proxy

Okay, back to work! With the AAA configuration in place, the Authentication Proxy configuration is a breeze. The first thing to do is to specify the Authentication Proxy idle timeout value. This is the amount of time in minutes that idle connections will be maintained by the Authentication Proxy. The default value is 60 minutes, which may or may not work for you. Remember that example of the Sales Exec and her daughter? Yikes! Okay, let’s cut that default time in half. Here’s a look at Lab_B router’s output:

Lab_B#conf t
Lab_B(config)#ip auth-proxy auth-cache-time 30
Lab_B(config)#^Z
Lab_B#

You can reset this to the default by using the no ip auth-proxy auth-cache-time command in global configuration mode.

Next, you’ll create an Authentication Proxy rule and name it toddlock:

Lab_B#conf t
Lab_B(config)#ip auth-proxy name toddlock ?
  http  HTTP Protocol
  <cr>
Lab_B(config)#ip auth-proxy name toddlock http
Lab_B(config)#^Z
Lab_B#
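The three settings configured so far can be checked offline against a saved copy of the configuration. The following audit script is an added example, not code from the book; the function name, the 30-minute limit and both sample configurations are constructed, and it assumes the saved configuration shows the commands in the same form as they were typed above.

```python
import re

DEFAULT_CACHE_MIN = 60  # default idle timeout stated in the text

def audit_auth_proxy(config_text, max_idle_min=30):
    """Return findings for the Authentication Proxy settings in an IOS config."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []

    # The HTTP login used by the proxy should be backed by AAA.
    methods = [ln.split()[-1] for ln in lines
               if ln.startswith("ip http authentication ")]
    if methods != ["aaa"]:
        findings.append("http-auth: expected 'ip http authentication aaa', "
                        "found %s" % (methods or "nothing"))

    # No auth-cache-time line means the 60-minute default is in effect.
    idle = DEFAULT_CACHE_MIN
    for ln in lines:
        m = re.fullmatch(r"ip auth-proxy auth-cache-time (\d+)", ln)
        if m:
            idle = int(m.group(1))
    if idle > max_idle_min:
        findings.append("idle-timeout: %d min exceeds limit of %d min"
                        % (idle, max_idle_min))

    # At least one named rule must trigger on HTTP.
    rules = [m.group(1) for ln in lines
             if (m := re.match(r"ip auth-proxy name (\S+) http\b", ln))]
    if not rules:
        findings.append("rule: no 'ip auth-proxy name <name> http' rule defined")
    return findings

# Constructed sample: the configuration built in this section.
GOOD = """
ip http authentication aaa
ip auth-proxy auth-cache-time 30
ip auth-proxy name toddlock http
"""
# Constructed sample: enable-password login and the timeout left at default.
WEAK = """
ip http authentication enable
ip auth-proxy name toddlock http
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_auth_proxy(cfg) or "no findings")
```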

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com