Dual ACE servers dial-up VPN on a 3600 router

Unanswered Question
Feb 27th, 2007

We currently have VPN users connecting through a 3640 router and want to add a 2nd RSA ACE server.

The 3640 is using IOS 12.3

Does any one know if this will support a 2nd RSA server?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Tue, 02/27/2007 - 16:52

Mike

Some more detail about what you are doing would be helpful and enable us to give you better answers. Would I be correct in assuming that if you are terminating VPN sessions on the 3640 that you are using TACACS or Radius to authenticate with the RSA server? If so then I believe that the answer is affirmative - the 3640 does support a second TACACS or Radius server.

HTH

Rick

daviddtran Sun, 03/04/2007 - 18:02

you can use native Radius Server that comes with

RSA Server to autheticate VPN users. You can

add a second RSA Server replica (provided you

have the primary RSA server in place) and it

will replicate the user database from the

primary RSA to the secondary RSA. From the

Cisco 3640, you will have two Radius entries,

one with the IP address of the primary RSA

server and another entry with the IP address

of the secondary RSA server.

I am using RSA server to terminate vpn users

on my cisco 2621 routers with this scenario

but my configuration is a bit more complicated

than yours. I have ACS server that will proxy

off the connection to the RSA Server (I

have RSA agent installed on the ACS). But the

first approach is much easier.

Good luck.

David

CCIE Security

Checkpoint CCSE NGx

Actions

This Discussion