
Re: Radius, Cisco 1600 and Windows Clients



Dear Roberto,
I've been looking at those links and it seems to be just what I need...
Two questions:
1) Does it only permit http packets through? (because if the user is authenticated I
need to allow him to pass all kinds of Internet protocols...)
2) My router doesn't have the "ip auth-proxy" command. Is it allowed when you configure
something else, or should I upgrade my IOS?
From Cisco
(http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094eb0.shtml#req)
Authentication proxy (auth-proxy), available in Cisco IOS® Software Firewall version
12.0.5.T and later...
TERRAZAS#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-SY-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 05-Jul-00 10:52 by cmong
Image text-base: 0x02005000, data-base: 0x026FF050
ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-RBOOT-R), Version 12.0(3)T,  RELEASE SOFTWARE (fc1)
TERRAZAS uptime is 2 weeks, 1 day, 3 hours, 53 minutes
System returned to ROM by power-on
System image file is "flash:c1600-sy-mz.121-3.bin"
cisco 1601 (68360) processor (revision C) with 18432K/6144K bytes of memory.
Processor board ID 17068520, with hardware revision 00000002
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
System/IO memory with parity disabled
8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from RAM
7K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read/Write)
Configuration register is 0x2102

Thanks for everything!!!
Agustin

----- Original Message ----- 
From: "Roberto Giana" <dont_spam_me_rgiana@spin.ch>
Newsgroups: linux.debian.isp
To: "Agustín Ciciliani" <agustin@maderonet.net.ar>
Sent: Saturday, March 12, 2005 5:06 PM
Subject: Re: Radius, Cisco 1600 and Windows Clients


> Hi Agustin
>
> I think the feature you are looking for is called "authentication proxy". It makes http
> sessions require a successful authentication on your internet router.
>
>
> Please check following Cisco links with example configurations:
>
> Auth-proxy Authentication Outbound (CBAC and NAT) Configuration
>
> http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a0080094655.shtml
>
> Authentication Proxy Authentication Outbound - No CBAC or NAT Configuration
>
> http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a00800942fd.shtml
>
>
> Regards
> Roberto
>
>
> Agustín Ciciliani wrote:
> > Jesse,
> >
> > Sorry about the last message...
> >
> > I was saying:
> >
> > First of all, no ISDN, or modems or telephone lines...
> >
> > Just imagine one switch with 5 windows clients that access internet using the cisco 1600
> > as its gateway.
> > I want that they just reach the internet if they pass some kind of authentication first.
> >
> > Thanks for everything,
> >
> > Agustin
> >
> >
> >>I'll try to explain myself...
> >>
> >>First of all, no ISDN, or modems or telephone lines...
> >>
> >>
> >>
> >>----- Original Message ----- 
> >>From: "Jesse Molina" <jesse@opendreams.net>
> >>To: "Agustín Ciciliani" <agustin@maderonet.net.ar>
> >>Cc: <debian-isp@lists.debian.org>
> >>Sent: Friday, March 11, 2005 4:22 PM
> >>Subject: Re: Radius, Cisco 1600 and Windows Clients
> >>
> >>
> >>
> >>>Hmmm...
> >>>
> >>>I'm a little confused.  Are you trying to set up L2TP?  Your original
> >>>email said "dial in", so I immediately thought of modem dial-in or ISDN
> >>>dial-in, but it seems like you are trying to do something else, like
> >>>tunneling.
> >>>
> >>>Can you clarify Agustin?
> >>>
> >>>
> >>>
> >>>On Fri, Mar 11, 2005 at 03:47:41PM -0300, Agustín Ciciliani wrote:
> >>>
> >>>>Dear Jesse,
> >>>>
> >>>>Thank you for your time!
> >>>>
> >>>>Now you say, in fact I have some doubts about the support for ppp in the interfaces...
> >>>>I've asked for a simplified model because I think I am able to figure out how to implement
> >>>>it in my WAN, but my real WAN looks like this (if this helps...)
> >>>>
> >>>>[LAN] PCs (clients) --------> (ethernet 0) Cisco 1601R (serial 0) ------------> Aerials
> >>>>cloud ----------> (E1) Cisco 2600 (ethernet 0/0) [6500 VLAN] Radius Server ---------> The
> >>>>6500 routes me to Internet...
> >>>>
> >>>>Agustin
> >>>>
> >>>>
> >>>>----- Original Message ----- 
> >>>>From: "Jesse Molina" <jesse@opendreams.net>
> >>>>To: "Agustín Ciciliani" <agustin@maderonet.net.ar>
> >>>>Cc: <debian-isp@lists.debian.org>
> >>>>Sent: Friday, March 11, 2005 3:12 PM
> >>>>Subject: Re: Radius, Cisco 1600 and Windows Clients
> >>>>
> >>>>
> >>>>
> >>>>>Hi Agustin
> >>>>>
> >>>>>What kind of interface are you using on that 1601R?  An Async serial?
> >>>>>The aux port?  ISDN?
> >>>>>
> >>>>>Posting your configuration <minus passwords and such> might be useful
> >>>>>and gives us more info. (use "show tech" if possible)
> >>>>>
> >>>>>Debug aaa commands come in very helpful when you are having real
> >>>>>radius/tacacs problems, but this could be something else, such as your
> >>>>>interface configuration.
> >>>>>
> >>>>>
> >>>>>
> >>>>>On Fri, Mar 11, 2005 at 02:55:50PM -0300, Agustín Ciciliani wrote:
> >>>>>
> >>>>>>Dear List,
> >>>>>>
> >>>>>>I apologize if this issue has been discussed, but I couldn't find any docs that help me
> >>>>>>out.
> >>>>>>
> >>>>>>I have a network with a cisco 1601R connected to Internet and a radius server (simply an
> >>>>>>ethernet switch with windows workstations, the router and the server running freeradius).
> >>>>>>
> >>>>>>I'm trying to configure the cisco so clients dial to it, the cisco validates the user and
> >>>>>>password with the radius, and if everything is ok, it opens the door to that client for
> >>>>>>accessing Internet.
> >>>>>>
> >>>>>>I've based my freeradius installation on reading http://www.frontios.com/freeradius.html so
> >>>>>>the server is running ok and the tests show me that it's validating as I need. The
> >>>>>>communication between the router and the server is also ok.
> >>>>>>
> >>>>>>The big problem is between the NAS and the clients. I read almost everything I've found in
> >>>>>>cisco about VTI, VPDN, PPP, AAA and RADIUS, but I cannot make it work...
> >>>>>>
> >>>>>>Besides I'm not sure about what kind of windows client I should use (pppoe as an ADSL
> >>>>>>connection or VPN with the ip of the router to dial-in).
> >>>>>>
> >>>>>>I'll appreciate any comment, or perhaps you know a good howto or something that I could
> >>>>>>read.
> >>>>>>
> >>>>>>THANKS IN ADVANCE!!!
> >>>>>>
> >>>>>>Sincerely,
> >>>>>>
> >>>>>>Agustín
> >>>>>>
> >>>>>>
> >>>>>>-- 
> >>>>>>To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> >>>>>>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >>>>>>
> >>>>>
> >>>>>-- 
> >>>>># Jesse Molina
> >>>>># Mail = jesse@opendreams.net
> >>>>># Page = page-jesse@opendreams.net
> >>>>># Cell = 1.602.323.7608
> >>>>># Web  = http://www.opendreams.net/jesse/
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
> >>>-- 
> >>># Jesse Molina
> >>># Mail = jesse@opendreams.net
> >>># Page = page-jesse@opendreams.net
> >>># Cell = 1.602.323.7608
> >>># Web  = http://www.opendreams.net/jesse/
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
>
>
>
>
>


