You want the router to separately authenticate and authorize individual users as they access restricted resources.
To enable an IOS-based authentication proxy, use the following commands:
configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router1(config)#
aaa authorization auth-proxy default localRouter1(config)#
ip auth-proxy auth-proxy-banner httpRouter1(config)#
ip admission auth-proxy-banner httpRouter1(config)#
ip http serverRouter1(config)#
ip http authentication localRouter1(config)#
Cisco authentication proxy is an intercepting proxy that requires users to authenticate before being allowed to access resources behind the proxy. Because it operates as an intercepting proxy, it means that placement of the router is vital, since it can only authenticate sessions that transverse the router. Generally, this means that the proxy must be placed at a network choke point, such as the link to the Internet, for instance.
Since Cisco authentication proxy is designed to act as an intercepting proxy, there is no need for end users to configure their browsers to point to the proxy server. The router will automatically intercept all sessions and force the end users to authenticate before they can access resources behind the proxy. The ...
Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.