The IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. With authentication proxy, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a AAA server running either TACACS+ or RADIUS. Another nice feature of authentication proxy is that a user's profile is active only when there is active traffic, and it will time out when the configurable timeout period expires. When configuring the ACEs on the AAA server for authentication proxy support, remember that the ACEs can only be permit entries.
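
The permit-only rule can be checked before a profile is pushed to the AAA server. The following is an added example, not Cisco code: a small linter that flags any `proxyacl#N` entry that is not a permit. It assumes the profiles are kept in a tac_plus-style text file; the user names and ACEs in the sample are constructed.

```python
import re

# Constructed sample in tac_plus-style syntax (assumed file format);
# the user names and ACEs are made up for the example.
SAMPLE_PROFILE = '''
user = alice {
    service = auth-proxy {
        priv-lvl = 15
        proxyacl#1 = "permit tcp any any eq 80"
        proxyacl#2 = "permit tcp any any eq 443"
    }
}
user = bob {
    service = auth-proxy {
        priv-lvl = 15
        proxyacl#1 = "permit tcp any any eq 80"
        proxyacl#2 = "deny ip any 10.0.0.0 0.255.255.255"
    }
}
'''

USER_RE = re.compile(r'^\s*user\s*=\s*(\S+)\s*\{')
ACE_RE = re.compile(r'^\s*(proxyacl#\d+)\s*=\s*"([^"]*)"')


def lint_proxy_acls(profile_text):
    """Return (user, attribute, ace) for every proxyacl entry that is not a permit."""
    findings = []
    user = None
    for line in profile_text.splitlines():
        m = USER_RE.match(line)
        if m:
            user = m.group(1)  # remember whose block we are in
            continue
        m = ACE_RE.match(line)
        if m:
            attr, ace = m.groups()
            words = ace.split()
            # Authentication proxy ACEs can only be permit entries.
            if not words or words[0].lower() != "permit":
                findings.append((user, attr, ace))
    return findings


if __name__ == "__main__":
    for user, attr, ace in lint_proxy_acls(SAMPLE_PROFILE):
        print(f"{user}: {attr} is not a permit entry: {ace!r}")
```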