
Re: Radius, Cisco 1600 and Windows Clients



Dear Roberto,
I've been looking at those links and it seems to be just what I need...
Two questions:
1) Does it only permit http traffic? (because if the user is authenticated I need to allow him to use all kinds of Internet protocols...)
2) My router doesn't have the "ip auth-proxy" command. Is it enabled when you configure something else, or should I upgrade my IOS?
From Cisco (http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094eb0.shtml#req):
Authentication proxy (auth-proxy), available in Cisco IOS® Software Firewall version 12.0.5.T and later...
TERRAZAS#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-SY-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 05-Jul-00 10:52 by cmong
Image text-base: 0x02005000, data-base: 0x026FF050
ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-RBOOT-R), Version 12.0(3)T,  RELEASE SOFTWARE (fc1)
TERRAZAS uptime is 2 weeks, 1 day, 3 hours, 53 minutes
System returned to ROM by power-on
System image file is "flash:c1600-sy-mz.121-3.bin"
cisco 1601 (68360) processor (revision C) with 18432K/6144K bytes of memory.
Processor board ID 17068520, with hardware revision 00000002
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
System/IO memory with parity disabled
8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from RAM
7K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read/Write)
Configuration register is 0x2102

Thanks for everything!!!
Agustin
-----------------------------------------------------------------------------------------
Hi Agustin

I think the feature you are looking for is called "authentication proxy". It makes http sessions require a successful authentication on your internet router.


Please check the following Cisco links with example configurations:

Auth-proxy Authentication Outbound (CBAC and NAT) Configuration
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a0080094655.shtml

Authentication Proxy Authentication Outbound - No CBAC or NAT Configuration
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a00800942fd.shtml


Regards
Roberto


Agustín Ciciliani wrote:
> Jesse,
> 
> Sorry about the last message...
> 
> I was saying:
> 
> First of all, no ISDN, or modems or telephone lines...
> 
> Just imagine one switch with 5 windows clients that access internet using the cisco 1600
> as its gateway.
> I want that they just reach the internet if they pass some kind of authentication first.
> 
> Thanks for everything,
> 
> Agustin
> 
> 
>>I'll try to explain myself...
>>
>>First of all, no ISDN, or modems or telephone lines...
>>
>>
>>
>>----- Original Message ----- 
>>From: "Jesse Molina" <jesse@opendreams.net>
>>To: "Agustín Ciciliani" <agustin@maderonet.net.ar>
>>Cc: <debian-isp@lists.debian.org>
>>Sent: Friday, March 11, 2005 4:22 PM
>>Subject: Re: Radius, Cisco 1600 and Windows Clients
>>
>>
>>
>>>Hmmm...
>>>
>>>I'm a little confused. Are you trying to set up L2TP? Your original
>>>email said "dial in", so I immediately thought of modem dial-in or ISDN
>>>dial-in, but it seems like you are trying to do something else, like
>>>tunneling.
>>>
>>>Can you clarify Agustin?
>>>
>>>
>>>
>>>On Fri, Mar 11, 2005 at 03:47:41PM -0300, Agustín Ciciliani wrote:
>>>
>>>>Dear Jesse,
>>>>
>>>>Thank you for your time!
>>>>
>>>>Now you say, in fact I have some doubts about the support for ppp in the interfaces...
>>>>I've asked for a simplified model because I think I am able to figure out how to implement
>>>>it in my WAN, but my real WAN looks like this (if this helps...)
>>>>
>>>>[LAN] PCs (clients) --------> (ethernet 0) Cisco 1601R (serial 0) ------------> Aerials
>>>>cloud ----------> (E1) Cisco 2600 (ethernet 0/0) [6500 VLAN] Radius Server ---------> The
>>>>6500 routes me to Internet...
>>>>
>>>>Agustin
>>>>
>>>>
>>>>----- Original Message ----- 
>>>>From: "Jesse Molina" <jesse@opendreams.net>
>>>>To: "Agustín Ciciliani" <agustin@maderonet.net.ar>
>>>>Cc: <debian-isp@lists.debian.org>
>>>>Sent: Friday, March 11, 2005 3:12 PM
>>>>Subject: Re: Radius, Cisco 1600 and Windows Clients
>>>>
>>>>
>>>>
>>>>>Hi Agustin
>>>>>
>>>>>What kind of interface are you using on that 1601R? An Async serial?
>>>>>The aux port? ISDN?
>>>>>
>>>>>Posting your configuration <minus passwords and such> might be useful
>>>>>and gives us more info. (use "show tech" if possible)
>>>>>
>>>>>Debug aaa commands come in very helpful when you are having real
>>>>>radius/tacacs problems, but this could be something else, such as your
>>>>>interface configuration.
>>>>>
>>>>>
>>>>>
>>>>>On Fri, Mar 11, 2005 at 02:55:50PM -0300, Agustín Ciciliani wrote:
>>>>>
>>>>>>Dear List,
>>>>>>
>>>>>>I apologize if this issue has been discussed, but I couldn't find any docs that help me
>>>>>>out.
>>>>>>
>>>>>>I have a network with a cisco 1601R connected to Internet and a radius server (simply an
>>>>>>ethernet switch with windows workstations, the router and the server running freeradius).
>>>>>>
>>>>>>I'm trying to configure the cisco so clients dial to it, the cisco validates the user and
>>>>>>password with the radius, and if everything is ok, it opens the door to that client for
>>>>>>accessing Internet.
>>>>>>
>>>>>>I've based my freeradius installation reading http://www.frontios.com/freeradius.html so
>>>>>>the server is running ok and the tests show me that it's validating as I need. The
>>>>>>communication between the router and the server is also ok.
>>>>>>
>>>>>>The big problem is between the NAS and the clients. I read almost everything I've found in
>>>>>>cisco about VTI, VPDN, PPP, AAA and RADIUS, but I cannot make it work...
>>>>>>
>>>>>>Besides I'm not sure about what kind of windows client I should use (pppoe as an ADSL
>>>>>>connection or VPN with the ip of the router to dial-in).
>>>>>>
>>>>>>I'll appreciate any comment, or perhaps you know a good howto or something that I could
>>>>>>read.
>>>>>>
>>>>>>THANKS IN ADVANCE!!!
>>>>>>
>>>>>>Sincerely,
>>>>>>
>>>>>>Agustín
>>>>>>
>>>>>>
>>>>>>-- 
>>>>>>To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
>>>>>>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>>>>>>
>>>>>
>>>>>-- 
>>>>># Jesse Molina
>>>>># Mail = jesse@opendreams.net
>>>>># Page = page-jesse@opendreams.net
>>>>># Cell = 1.602.323.7608
>>>>># Web = http://www.opendreams.net/jesse/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>>-- 
>>># Jesse Molina
>>># Mail = jesse@opendreams.net
>>># Page = page-jesse@opendreams.net
>>># Cell = 1.602.323.7608
>>># Web = http://www.opendreams.net/jesse/
>>>
>>>
>>>
>>>
>>
> 
> 
