Cisco Support Community
Community Member

PIX authenticating twice ??


I've installed a PIX 515E DMZ with PIX OS 6.3 at a customer's site.

I've enabled RADIUS authentication for access via the internal

interface to the outside interface (Internet), this is done via

Microsoft Active directory and IAS (Microsoft's own RADIUS server)

the authentication works fine, and it allows access only once the

users authenticate. However “some” web sites not more then 2 or 3 seem to

require the users to authenticate twice if accessed first i.e. the first authentication prompt is from the pix i.e. site: is the site URL. Realm : The authentication text that I’ve enter in the “auth-prompt prompt” command but the second one has Site: the site URL Realm: Also site URL for example.

First Authentication prompt..


Realm: Please provide password…

Second prompt



As can be expected the authentication for the second one does not work, i.e.. the same user name password used in the first one does not work. But if you cancel the second one the page does not display, but when you access the same site again, after the first pix authentication it goes through.

What is causing this second authentication prompt and how do I stop it from happening. ? Has any one else come across this problem. ?

Thanks and Regards

K. Koelmeyer

Senior Systems Engineer

Community Member

Re: PIX authenticating twice ??

From my understanding of the fault description above, it sounds like something "Virtual HTTP" should resolve. These sites are most likely runing Microsoft IIS with Basic Authentication or NT Challenge enabled.


Virtual http [warn]

Where is an unused IP address routed to the PIX and [warn] to notify users of redirection.

This will prevent the wrong authentication credentials from been appended to the HTTP GET command sent from browser.

Hope this helps.

CreatePlease to create content