cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1891
Views
0
Helpful
3
Replies
byron.momsen
Beginner

ASA Cut Through (Authentication) Proxy HTTPS concurrent connections

Hi

What are the limitations on the max number of concurrent HTTPS connections when using Auth Proxy for HTTPS traffic on a Cisco ASA 5520.

1) What is the max number of concurrent Authentications that the ASA can perform (HTTPS)?

2) Once Authenticated. What is the max number of concurrent HTTPS Authenticated connections to the back end HTTPS server.

Regards

Byron

1 ACCEPTED SOLUTION

Accepted Solutions
Karsten Iwen
VIP Mentor

The ASA allows 16 concurrent HTTPS-Authentication-sessions. This is documented in the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html#wp1150372

For the authenticated traffic the "normal" connection-limits apply as they are processed the same way as any other traffic.

If you want to authenticate your internal Users you should think about the Identity-Firewall-feature:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html

View solution in original post

3 REPLIES 3
nkarthikeyan
Rising star

Hi Byron,

I guess it should be based on the concurrent VPN sessions for your Webvpn/SSL vpn. If so then 750 is the maximum session allowed through ASA 5520. Because the valid https authentication for your vpn connectivity will be considered as one session. Your second question depends on the HTTPS server which you have i suppose

Please do rate if the given information helps.

By

Karthik

Hi Byron,

Or you mean to say whenevr you hit the firewall with any traffic if that matches it will direct you to a proxy authentication of https which you are asking a count how many cut through proxy authentication for the same???

By

Karthik

Karsten Iwen
VIP Mentor

The ASA allows 16 concurrent HTTPS-Authentication-sessions. This is documented in the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_fwaaa.html#wp1150372

For the authenticated traffic the "normal" connection-limits apply as they are processed the same way as any other traffic.

If you want to authenticate your internal Users you should think about the Identity-Firewall-feature:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html

View solution in original post

Content for Community-Ad