Tuesday, September 25, 2007

Authentication Proxy

What is authentication proxy?
It enables administrators to restrict access to resources on a per-user basis. It can be used to authenticate both inbound and outbound connections.

Supports only HTTP, HTTPS, FTP, or Telnet (only on the standard ports?)


How Does Authentication Proxy Work?
  1. The source host initiates an HTTP connection that is intended to pass through the Cisco IOS Firewall to reach its destination.
  2. The Cisco IOS Firewall checks to see whether the source has already been authenticated. If the source has not previously authenticated, the firewall sends a login prompt to the user.
  3. The user enters a username and password, and the Cisco IOS Firewall verifies the account information against the AAA server (or the local database).
  4. If the user provides the correct account information and is authenticated by the AAA server, the firewall allows the connection to complete.

Limitations of Authentication Proxy
  1. Triggers only on HTTP connections
  2. Only supports HTTP and HTTPS on the standard ports (80 and 443). (Does this mean the router or the remote server?)
  3. Client browsers must support JavaScript.
  4. Applies to traffic passing through the router, not traffic destined to the router.
  5. Does not support concurrent use from one host: if two users try to log in from the same host at the same time, authentication and authorization apply only to the user who first submits a valid username and password.
  6. Supports only one AAA server; load balancing across multiple AAA servers is not supported.
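A minimal router-side configuration for the flow and limitations above, added here as an example and not taken from the original post. The interface, addresses, ACL number, rule name, and the DNS resolver are assumptions; the TACACS+ key is a placeholder.

```cisco
! --- AAA: the login prompt authenticates, and the per-user entry is authorized, via TACACS+ ---
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
! Assumed server address; placeholder secret. Only one server is used (limitation 6).
tacacs-server host 192.0.2.10 key REPLACE_WITH_SHARED_SECRET
!
! --- The router's own HTTP server renders the (JavaScript) login page, so it must be on and use AAA ---
ip http server
ip http authentication aaa
!
! --- Global idle timeout, in minutes, for authenticated hosts held in the auth-proxy cache ---
ip auth-proxy auth-cache-time 30
!
! --- Auth-proxy rule: intercept HTTP (TCP/80 only) from hosts behind the interface below ---
ip auth-proxy name AUTHPROXY http
!
! --- Inbound ACL on the user-facing interface. DNS is permitted so the browser can
!     resolve names and trigger the HTTP intercept (assumed resolver); everything
!     else stays blocked until the user authenticates, after which auth-proxy adds
!     the per-user dynamic entries (proxyacl#n attributes returned by the AAA
!     server under service=auth-proxy, with priv-lvl=15) ahead of this ACL ---
access-list 110 permit udp any host 192.0.2.53 eq domain
access-list 110 deny ip any any
!
interface FastEthernet0/0
 description Inside LAN (users); the AAA server is reached via another interface (assumption)
 ip address 10.1.1.1 255.255.255.0
 ip access-group 110 in
 ip auth-proxy AUTHPROXY
```

After a user logs in, `show ip auth-proxy cache` lists the host and its remaining cache time; a second user on the same host will not get a separate entry (limitation 5).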
