Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
278
Views
0
Helpful
1
Replies

Cut-Through-proxy with accounting

victor_87
Level 1
Level 1

‎12-12-2008 06:43 AM - edited ‎03-11-2019 07:25 AM

We are using ASA 5510 boxes in active/standby-stateful to serve internet connectivity to about 2500-3000 users, the normal CPU usage of the ASA is about 15-18%.

Now we are planning to set up Cut-through -proxy for all users with Cisco ACS (v 4.0, Server hardware: Intel XEON, 2 GB RAM). Also we require that all http sessions be Accounted in the ACS.

I read there are issues with the ASA authenticating more that 16 users simultaneously using https authentication.

Are there any such kind of issues with http authentication?

What will be the impact on the ASA CPU authenticating all these users and sending accounting information to the ACS about all the sessions.

Please Clarify

Regards

Labels:
0 Helpful
1 Reply 1

tstanik
Level 5
Level 5

‎12-18-2008 11:39 AM

You can configure the PIX Firewall in order to control user access to specific hosts or services. However, it is easier to maintain this kind of access control in a single location, at the authentication server. After you enable authentication and authorization, the PIX Firewall prompts users of FTP, Telnet, or HTTP (Web) access. The control of access to a specific system or service is handled by the authentication and authorization server. Here is the URL for the further description

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml#intro

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card