Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cut-Through-proxy with accounting

We are using ASA 5510 boxes in active/standby-stateful to serve internet connectivity to about 2500-3000 users, the normal CPU usage of the ASA is about 15-18%.

Now we are planning to set up Cut-through -proxy for all users with Cisco ACS (v 4.0, Server hardware: Intel XEON, 2 GB RAM). Also we require that all http sessions be Accounted in the ACS.

I read there are issues with the ASA authenticating more that 16 users simultaneously using https authentication.

Are there any such kind of issues with http authentication?

What will be the impact on the ASA CPU authenticating all these users and sending accounting information to the ACS about all the sessions.

Please Clarify



Re: Cut-Through-proxy with accounting

You can configure the PIX Firewall in order to control user access to specific hosts or services. However, it is easier to maintain this kind of access control in a single location, at the authentication server. After you enable authentication and authorization, the PIX Firewall prompts users of FTP, Telnet, or HTTP (Web) access. The control of access to a specific system or service is handled by the authentication and authorization server. Here is the URL for the further description

CreatePlease to create content