Database replication errors - between two appliance 113

Unanswered Question
Mar 8th, 2007

I have two Secure ACS appliances - a primary and a secondary. The secondary is behind the firewall and so we have the IP addresses NAT'ed. I can get to the sec appliance via the NAT'ed IP address, but the primary server says it does not see it. Below is the error message I am getting:

Inbound database replication from ACS 'Primary' denied - shared secret mismatch

I did read through the earlier conversation, but it does not solve the issues I am having with the replication.

Please help.

Vivek Santuka Thu, 03/08/2007 - 08:10

Hi,

Usually "shared secret" mismatch means the primary's self key and the primary's key on secondary server do not match.

I would like to point out that replication is not supported with NAT.

Regards,

Vivek

wordworship Thu, 03/08/2007 - 08:53

It's worked before. The keys do match.

Below is the link that the TAC engineer sent to me:

Vivek Santuka Fri, 03/09/2007 - 05:14

Hi,

No link in the above post.

But if you are using ACS 4 then please check the keys of the NDG and try moving the AAA Server entry to a different NDG.

Regards,

Vivek

wordworship Fri, 03/09/2007 - 10:41

Vivek,

Thanks for your response.

Oops. Sorry about that. Below is the link I was given:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml#configure_db_nat

I am currently running CiscoSecure ACS v3.3 on the Appliance.

Also, this is the line from the log of a successful replication. Nothing has changed since then:

Inbound database replication from ACS 'notacs01' completed

Vivek Santuka Sat, 03/10/2007 - 05:51

Hi,

We need to look at Auth.log for events around the replication.

As I said before, you should try re-entering the secret keys again before looking at logs.

Regards,

Vivek
