Network Security Blog

Cisco ACS-Auth-Proxy

OR

Config ON Router

RADIUS<-------------(SERVER_SIDE)#ROUTER#(USER_SIDE)------------------>CLIENT

aaa authentication login default group tacacs

aaa authorization auth-proxy default group tacacs

ip auth-proxy name PROXY-RULE http [list ACL]

ip access-list extended PROXY-ACL

permit icmp any any log

permit tcp any any eq 22 log

permit ip host <SERVER_SIDE> host <SERVER> lOG

deny ip any any log

int <USER_SIDE>

ip auth-proxy PROXY-RULE

ip access-group PROXY-ACL in

ip http server

ip http access-class 61

ip http authentication aaa

ip http secure-server