Configuring aaa authentication match
PIXFirewall(config)# static (inside,outside) 192.168.200.1 10.10.10.10 netmask
255.255.255.255
PIXFirewall(config)# access-list PIXTEST permit tcp any host 192.168.200.1 eq 80
PIXFirewall(config)# access-group PIXTEST in interface outside
PIXFirewall(config)# aaa authentication match PIXTEST outside TACACS+
The static translation and access group are also included in this example because each is
required to have the correct public address and to apply the access list.
Example 18-2 Configuring AAA Authentication on the PIX Firewall
PIXFirewall(config)# aaa authentication include any outside 0 0 0 0 TACACS+
PIXFirewall(config)# aaa authentication exclude http outside 0 0 192.168.1.28
255.255.255.255 TACACS+
Example 18-3 Configuring aaa authentication match
PIXFirewall(config)# static (inside,outside) 192.168.200.1 10.10.10.10 netmask
255.255.255.255
PIXFirewall(config)# access-list PIXTEST permit tcp any host 192.168.200.1 eq 80
PIXFirewall(config)# access-group PIXTEST in interface outside
PIXFirewall(config)# aaa authentication match PIXTEST outside TACACS+
NOTE Chapter 7, “Configuring Access,” discusses access lists in greater detail.