To use authentication proxy, the HTTP server on the firewall must be configured and the HTTP server authentication method set to use AAA. You can accomplish this in three basic steps. The first two are required, while the third offers some optional capabilities.
Enable the HTTP server on the router. The authentication proxy process uses the HTTP server features to communicate with the client for user authentication. The syntax is
Rtr1(config)#ip http server
Set the HTTP server authentication method to AAA. The following output shows the authentication options. This isn’t a method list, so only one can be chosen. The final line demonstrates the AAA implementation. The syntax is
Rtr1(config)#ip http authentication ?
  aaa     Use AAA access control methods
  enable  Use enable passwords
  local   Use local username and passwords
  tacacs  Use tacacs to authorize user
Rtr1(config)#ip http authentication aaa
(Optional) Specify an access list for the HTTP server. This standard access list can identify which IP address(es) can access the HTTP session. If used, the acl# is the same as the one applied to the interface in the ip auth-proxy name auth-proxy-name http command in the next section. The syntax is
Rtr1(config)#ip http access-class acl#
The following example enables the HTTP server on the router using AAA authentication. ACL 75 denies all host connections to the HTTP server.
Rtr1(config)#ip http server
Rtr1(config)#ip http authentication aaa
Rtr1(config)#ip http access-class 75
Rtr1(config)#access-list 75 deny any
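The three steps above can be checked against a saved configuration. The following Python audit is an added example, not part of the original text or any Cisco tool; the function name, the sample configuration, and the assumption that the access class appears in the numeric form shown above are all constructed for illustration.

```python
import re

# Constructed sample: the configuration lines from the example above.
SAMPLE_CONFIG = """\
ip http server
ip http authentication aaa
ip http access-class 75
access-list 75 deny any
"""

def audit_http_for_auth_proxy(config: str) -> list:
    """Return findings; an empty list means the HTTP server prerequisites are met."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # Step 1 (required): the HTTP server is enabled and not negated.
    if "ip http server" not in lines or "no ip http server" in lines:
        findings.append("HTTP server is not enabled (ip http server)")

    # Step 2 (required): only one method can be set, and it must be aaa.
    methods = [m.group(1) for ln in lines
               if (m := re.fullmatch(r"ip http authentication (\S+)", ln))]
    if not methods:
        findings.append("no 'ip http authentication' line; AAA is not in use")
    elif methods[-1] != "aaa":
        findings.append(f"HTTP authentication is '{methods[-1]}', expected 'aaa'")

    # Step 3 (optional): if an access class is set, it must reference a
    # standard ACL (1-99 or 1300-1999) that has entries in this config.
    acls = [m.group(1) for ln in lines
            if (m := re.fullmatch(r"ip http access-class (\d+)", ln))]
    if acls:
        acl = int(acls[-1])
        if not (1 <= acl <= 99 or 1300 <= acl <= 1999):
            findings.append(f"ACL {acl} is not in a standard ACL range")
        if not any(ln.startswith(f"access-list {acl} ") for ln in lines):
            findings.append(f"ACL {acl} is referenced but has no entries")
    return findings

if __name__ == "__main__":
    for finding in audit_http_for_auth_proxy(SAMPLE_CONFIG) or ["prerequisites met"]:
        print(finding)
```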