Summary
The IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. With authentication proxy, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a AAA server running either TACACS+ or RADIUS. Another nice feature of authentication proxy is that a user's profile is active only when there is active traffic, and it will time out when the configurable timeout period expires.
When configuring the ACEs on the AAA server for authentication proxy support, remember that the ACEs can only be permit entries.
Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
