
Authenticate access to internet

13 years 11 months ago #34452 by Nevins
Well what authentication tool would do the same thing as port security with less work?

Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
13 years 11 months ago #34456 by S0lo

Is it 16 concurrent users that log in to the ASA? Actually we have about 6xx users at our office.


I agree with FlipRich, the 16 concurrent limit is only for HTTPS. Instead, you can use HTTP authentication. If you do this, your internal users will be prompted for a username/password the first time they try to connect to the net using a web browser. Here is a minimal description of how it's done:

First you create the set of users you want on the ASA, say:

[code:1]username user1 password cisco1
username user2 password cisco2[/code:1]

Second, you configure AAA authentication using the LOCAL user database, like this:

[code:1]aaa authentication include http inside 0 0 0 0 LOCAL[/code:1]

That's all you need, it should work (unless you have problems in NAT). Notice that you can also configure a RADIUS/TACACS+ server to handle authentication instead of using the ASA's LOCAL user database.

Port security is obviously not helpful in your case.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
13 years 11 months ago #34459 by apit
16 concurrent for HTTPS? If 17 users concurrently access their gmail accounts, might it fail?

My plan is to use an existing database for username & password authentication instead of setting it up manually on the ASA firewall.

Currently we are using an Oracle database... For your info, the password is encrypted. Can a RADIUS server read the encrypted characters from the existing database?
13 years 11 months ago #34475 by S0lo

16 concurrent for HTTPS? If 17 users concurrently access their gmail accounts, might it fail?


No, the 16 limit is for the HTTPS Authentication part only. Not the actual traffic that passes through after authentication. Once a user logs in successfully, he will be able to browse HTTP and HTTPS websites regardless of the 16 limit.

So if you configure HTTPS authentication, it will be limited to 16 users, and the 17th user will NOT be able to log in. But if you configure HTTP authentication, the 16 limit does NOT apply, no matter what type of website the users browse after they authenticate, be it HTTP or HTTPS. That's as far as I know.

My plan is to use an existing database for username & password authentication instead of setting it up manually on the ASA firewall.

Currently we are using an Oracle database... For your info, the password is encrypted. Can a RADIUS server read the encrypted characters from the existing database?


I'm really not sure about that. The only thing I know is that Oracle DB can be configured to use a RADIUS server. This might help:

download.oracle.com/docs/cd/B10501_01/ne.../a96573/asoradus.htm

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
13 years 11 months ago #34488 by Losh
Are you currently using any syslog servers? Because you can set up logging on the ASA firewall to log authentication messages to the syslog server.
Just a hint.

~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
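As an added example (not code from any poster in this thread), here is a small Python parser for the kind of ASA cut-through-proxy authentication messages Losh suggests sending to a syslog server, counting failed logins per inside host so repeated failures against the LOCAL user database stand out. The log lines are constructed; the message IDs 109005/109006 and their wording are assumed to follow the standard ASA syslog catalogue.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of ASA AAA syslog messages
# (IDs 109005 = success, 109006 = failure are assumed from the ASA
# syslog message catalogue; hosts and usernames are made up).
SAMPLE_LOG = """\
%ASA-6-109005: Authentication succeeded for user 'user1' from 10.1.1.20/51234 to 203.0.113.5/80 on interface inside
%ASA-6-109006: Authentication failed for user 'user2' from 10.1.1.21/51240 to 203.0.113.5/80 on interface inside
%ASA-6-109006: Authentication failed for user 'admin' from 10.1.1.99/40001 to 203.0.113.5/80 on interface inside
%ASA-6-109006: Authentication failed for user 'root' from 10.1.1.99/40002 to 203.0.113.5/80 on interface inside
%ASA-6-109006: Authentication failed for user 'user1' from 10.1.1.99/40003 to 203.0.113.5/80 on interface inside
%ASA-6-109005: Authentication succeeded for user 'user2' from 10.1.1.21/51241 to 203.0.113.5/443 on interface inside
"""

AAA_RE = re.compile(
    r"%ASA-\d-(?P<msgid>10900[56]): Authentication (?P<result>succeeded|failed) "
    r"for user '(?P<user>[^']*)' from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/\d+ "
    r"on interface (?P<iface>\S+)"
)

def parse_aaa_events(text):
    """Return one dict per matching cut-through-proxy authentication message."""
    events = []
    for line in text.splitlines():
        m = AAA_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def failures_per_source(events):
    """Count failed authentications per inside source IP."""
    return Counter(e["src"] for e in events if e["result"] == "failed")

def flag_sources(events, threshold=3):
    """Map each source with >= threshold failures to the sorted usernames it tried.
    One host cycling through many usernames is the pattern worth reviewing."""
    flagged = {}
    for src, n in failures_per_source(events).items():
        if n >= threshold:
            flagged[src] = sorted({e["user"] for e in events
                                   if e["src"] == src and e["result"] == "failed"})
    return flagged

if __name__ == "__main__":
    evs = parse_aaa_events(SAMPLE_LOG)
    print(f"{len(evs)} AAA events parsed")
    for src, users in flag_sources(evs).items():
        print(f"review {src}: {len(users)} usernames failed: {users}")
```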