Configuring the Cisco IOS Firewall requires four tasks:
- Configure AAA
- Configure the HTTP server
- Configure authentication proxy
- Verify the authentication proxy configuration
Configuring the Cisco Secure ACS requires three tasks:
- Network Configuration
- Interface Configuration
- Authentication Proxy Configuration
Configuring Authentication Proxy using local database
Configure AAA
Gateway#config terminal
Gateway(config)#aaa new-model
Gateway(config)#aaa authentication login default local
Gateway(config)#aaa authorization auth-proxy default local
Gateway(config)#username ebay password paypal
Configure the HTTP server
(The HTTP server is used by the Cisco IOS Firewall to send the login page to the client)
Gateway(config)#! Use "ip http server" instead of the next command for plain HTTP
Gateway(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Gateway(config)#! Authenticate HTTP logins against the local database
Gateway(config)#ip http authentication local
Gateway(config)#username wangyu privilege 15 password ws1026
Gateway(config)#access-list 2 remark Used By Router's Http Server
Gateway(config)#access-list 2 deny any
Gateway(config)#ip http access-class 2
Configure authentication proxy
Gateway(config)#ip auth-proxy name allowed-outbound http absolute-timer 30
Gateway(config)#ip auth-proxy name allowed-outbound ftp
Gateway(config)#ip auth-proxy name allowed-outbound telnet
Gateway(config)#ip auth-proxy auth-proxy-banner http # Authentication Proxy #
Gateway(config)#int fa0/1.60
Gateway(config-subif)#ip auth-proxy allowed-outbound
Gateway(config-subif)#exit
Gateway(config)#
Verify the authentication proxy configuration
Gateway#show ip auth-proxy cache
Gateway#show ip auth-proxy watch-list
Gateway#show ip auth-proxy configuration
Gateway#clear ip auth-proxy cache *
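The show commands above report live state on the router. To check a saved configuration offline for the same four tasks, the following Python script can be used. It is an added example, not part of the original post or any Cisco tooling; the function name audit_auth_proxy and the sample configuration text are constructed here and mirror the commands shown on this page.

```python
import re

# Constructed sample input: this page's commands as they would sit in a saved config.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authorization auth-proxy default local
ip http secure-server
ip http authentication local
ip http access-class 2
access-list 2 deny any
ip auth-proxy name allowed-outbound http absolute-timer 30
ip auth-proxy name allowed-outbound ftp
ip auth-proxy name allowed-outbound telnet
interface FastEthernet0/1.60
 ip auth-proxy allowed-outbound
"""

# One (regex, finding) pair per global prerequisite from the AAA and HTTP server steps.
REQUIRED = [
    (r"aaa new-model$", "aaa new-model is missing"),
    (r"aaa authentication login default ", "no default login authentication method"),
    (r"aaa authorization auth-proxy default ", "no auth-proxy authorization method"),
    (r"ip http (secure-)?server$", "HTTP/HTTPS server is not enabled"),
    (r"ip http authentication ", "HTTP server authentication method is not set"),
]

def audit_auth_proxy(config):
    """Return a list of findings; an empty list means all checks passed."""
    lines = config.splitlines()
    globals_ = [l for l in lines if l and not l.startswith(" ")]
    findings = [msg for rx, msg in REQUIRED
                if not any(re.match(rx, l) for l in globals_)]
    # The HTTP server must be fenced by an ACL that actually exists.
    acl = next((m.group(1) for l in globals_
                if (m := re.match(r"ip http access-class (\d+)$", l))), None)
    if acl is None:
        findings.append("ip http access-class is not set")
    elif not any(l.startswith(f"access-list {acl} ") for l in globals_):
        findings.append(f"access-list {acl} is referenced but not defined")
    # Rule names defined globally vs. names applied under an interface (indented lines).
    defined = {m.group(1) for l in globals_
               if (m := re.match(r"ip auth-proxy name (\S+) ", l))}
    applied = {m.group(1) for l in lines
               if (m := re.match(r" +ip auth-proxy (\S+)$", l))}
    findings += [f"rule '{n}' is applied but not defined" for n in sorted(applied - defined)]
    findings += [f"rule '{n}' is defined but not applied to any interface"
                 for n in sorted(defined - applied)]
    return findings
```

Calling audit_auth_proxy(SAMPLE) returns an empty list; a mismatch between the rule name defined globally and the one applied on the subinterface is reported from both sides.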