PIX FTP authentication feature

dcarrion
Level 1

We currently went from using 4 /24 networks as our NAT pools for Internet access. We just added a PAT address as the NAT pools were full, and now any FTP requires authentication even if the user is already authenticated. HTTP and telnet are fine. We are using RADIUS authentication with dynamic ACLs on a PIX 525 running 5.3(4). Anyone else experience this?


Fernando_Meza
Level 7

Hi, you can try excluding FTP from triggering AAA authentication. (Note: your PIX version is old, so I hope these commands are available.)

aaa authentication exclude tcp/21 interface x.x.x.x 255.255.255.0 aaa-group

where interface is the interface from which your RADIUS server can be reached, i.e. inside

x.x.x.x is the IP address of your RADIUS server

aaa-group is the group name assigned by aaa-server command.

Or you could exclude your outbound connections from triggering the authentication by using an access-list

access-list yourlist deny tcp x.x.x.0 255.255.255.0 any eq ftp

access-list yourlist permit tcp any any

aaa authentication match yourlist outbound radius

I hope it helps ... please rate it if it does !!!

dcarrion
Level 1

My apologies, I missed my typo. The correct version of PIX OS is 6.3(4).