Hi,

We have configured our PIX firewalls to authenticate/authorize against our ACS server. We are experiencing an intermediate issue with putting more commands in the firewalls. The authentication itself is hanging as well and it takes a long time (roughly a minute) before we can get in. Then if we try to enter more commands the screen just hangs. Again, there are no disconnects or timeouts. It seems to me like the PIX is taking a huge amount of time before it authorizes the command. These issues occur after we enter few commands in the firewall.

We are running 6.3 version on the PIX so it is a very old version. Before we blame the PIX I would like to ask about the warning I have mentioned in the name of the thread. I have tried to search for ACS 5.1 error codes, but it looks like there is no actual documentation with error descriptions and possible troubleshootings.

The only info ACS has is "TACACS+ authentication request switches from Login to Change Password functionality." Could somebody please explain to me what exactly is happening? I guess this is probably the result of those old PIX versions we have, but it would be nice to know what's "behind the scenes".

The ACS server itself runs without any issues (CPu around 5% and memory around 40%).

Thank you,

               Martin