The AAA implementation on PIX firewalls and Firewall Services Modules (FWSMs) is very similar to that on routers with very few exceptions. As of writing this text, the current version of PIX is 7.x, and the current version of FWSM is 2.3.x. The discussion in this chapter is based on PIX Version 7.x. Hence some of the features discussed in this chapter may not be supported on the FWSM Version 2.3.x, which is based on PIX code base 6.3.x. This difference will be pointed out throughout the chapter. The primary focus of this chapter is troubleshooting techniques on AAA, which is the same on both PIX and FWSM. The Case Study section of this chapter examines the feature called Virtual HTTP or Virtual Telnet that addresses some of the problems posed by the Cut-Thru Proxy. Finally, the chapter concludes with Best Practices.