Cisco Support Community
Community Member

AAA and PIX 515e


I have downloaded a trial of CiscoSecure ACS 3.0 to use with my PIX 515e with a view to purchase. I like this a lot and will definately be buying but before I do I have a small problem.

I have setup up the Firewall to request access from the users to get to the Internet. This works great but if the user then goes to a secure web site which requests username and logon details, there seems to be a conflict between the PIX AAA and the Web Sites credentials. I think I have read about this somewhere but can not remember where.

There was some mention about a virtual http server I think but can not remember the details. Does anyone know of this problem and a way round it??



Community Member

Re: AAA and PIX 515e

Check out:


The virtual http command solves the problem of browser caching the authentication by first creating a http redirect from the initial ip address of the server (the pix still impersonates the server) to the address set within the virtual http command. When the browser is redirected to this address the pix will then prompt for the username and password. After authentication is successful, the browser is then redirected back to the original address. This way the browser will not associate the username and password used for the pix (and therefore ACS) with the username and password used by the server.

Community Member

Re: AAA and PIX 515e

Thanks for the info. I tried the link above but all I get is the msn search page!! Could you confirm the link for me!



Community Member

Re: AAA and PIX 515e

Woops, something happened to the colon when I pasted it:

Cisco Employee

Re: AAA and PIX 515e

There is a sample configuration for this at the following link:

hope this helps,


CreatePlease to create content