Cut-Through-proxy with accounting

Unanswered Question
Dec 12th, 2008

We are using ASA 5510 boxes in active/standby-stateful to serve internet connectivity to about 2500-3000 users. The normal CPU usage of the ASA is about 15-18%.

Now we are planning to set up cut-through proxy for all users with Cisco ACS (v 4.0, server hardware: Intel XEON, 2 GB RAM). We also require that all HTTP sessions be accounted in the ACS.

I read there are issues with the ASA authenticating more than 16 users simultaneously using HTTPS authentication.

Are there any such issues with HTTP authentication?

What will be the impact on the ASA CPU of authenticating all these users and sending accounting information to the ACS about all the sessions?

Please clarify.


tstanik Thu, 12/18/2008 - 11:39

You can configure the PIX Firewall in order to control user access to specific hosts or services. However, it is easier to maintain this kind of access control in a single location, at the authentication server. After you enable authentication and authorization, the PIX Firewall prompts users of FTP, Telnet, or HTTP (Web) access. The control of access to a specific system or service is handled by the authentication and authorization server. Here is the URL for further description
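
For reference, a minimal PIX/ASA configuration for the setup asked about in this thread: HTTP cut-through proxy authentication with accounting sent to the same AAA server. This is an added example, not part of either post. The group name `ACS_GRP`, the ACL name `HTTP_AAA`, the server address, the key and the timeout value are placeholders chosen for illustration, and RADIUS is assumed as the protocol.

```cisco
! Constructed example: server address, names and key are placeholders.
! Define the AAA server group and the ACS host reachable via the inside interface.
aaa-server ACS_GRP protocol radius
aaa-server ACS_GRP (inside) host 192.0.2.10
 key <shared-secret>
!
! Traffic that must be authenticated and accounted: HTTP from inside users.
access-list HTTP_AAA extended permit tcp any any eq www
!
! Cut-through proxy: prompt for credentials on the first matching connection.
aaa authentication match HTTP_AAA inside ACS_GRP
! Send accounting records for the same matched traffic to the same server group.
aaa accounting match HTTP_AAA inside ACS_GRP
!
! How long an authenticated user stays cached before being prompted again.
timeout uauth 0:30:00 absolute
```

Because both `match` statements reference one ACL, narrowing that ACL (for example to specific source subnets) reduces both the number of users prompted and the volume of accounting records sent to the ACS.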

