12-3. Using Authentication Proxy to Manage User Access

An IOS firewall can control user access to protected networks by using the authentication proxy feature. Specific networks are protected by an inbound access list that blocks traffic and is applied to the interface facing the user community. The IOS firewall can intercept HTTP traffic (TCP port 80) from users and require authentication if needed. An access list can be used to limit which HTTP traffic can trigger authentication proxy.

You can configure and apply security policies on a per-user basis. Access is denied until the user can be prompted for authentication credentials. If the user is not already authenticated, the router prompts for a username and password. After successful authentication, ...
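
The pieces described above (blocking inbound access list, trigger access list, and the authentication proxy rule on the user-facing interface) fit together as in the following IOS configuration. It is an added example, not taken from the book. The interface, the addresses (documentation ranges), ACL numbers 101 and 110, the rule name AP-USERS, the DNS permit, and the choice of TACACS+ as the AAA server are all assumptions.

```cisco
! Added example: addresses, ACL numbers, interface and rule name are assumed.
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! The router's HTTP server presents the username/password prompt
! and checks the credentials against AAA.
ip http server
ip http authentication aaa
!
! Trigger ACL: only HTTP from the user subnet can start authentication proxy.
access-list 101 permit tcp 198.51.100.0 0.0.0.255 any eq www
ip auth-proxy name AP-USERS http list 101
!
! Inbound ACL toward the users: blocks traffic to the protected networks.
! The DNS permit is an assumption so that browsers can resolve names
! before the user has authenticated.
access-list 110 permit udp 198.51.100.0 0.0.0.255 any eq domain
access-list 110 deny ip any any log
!
interface FastEthernet0/0
 description Toward the user community
 ip address 198.51.100.1 255.255.255.0
 ip access-group 110 in
 ip auth-proxy AP-USERS
```

`show ip auth-proxy cache` displays the current authentication proxy entries, which is a quick check that the rule is intercepting the intended users.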
