This chapter covers the following subjects:
• Authentication Proxy on IOS Routers
• Configuring Downloadable ACLs for Authentication Proxy
Chapter 10, “Cut-Through Proxy AAA on Pix/ASA,” covered the limitations of IP address-based restrictions and the need for per-user based access restriction. Similar to the cut-through proxy authentication method on ASA/PIX, IOS-based routers provide the Authentication Proxy feature to restrict access based on user profiles.
When Authentication Proxy is enabled, traffic flowing through the router is intercepted and the authentication cache is checked to see whether the user is already authenticated. If a valid authentication ...