Administrative sessions on ACS

jack.leung
Level 1

I have an ACS that handles authentication/authorization for our VPN Concentrator. I noticed more and more that I have to reboot the ACS frequently because it would stop authenticating folks at some point. When I try to log in, it kicks back with an error indicating maxed administrative sessions. ACS should time out sessions if they aren't being used, correct?

2 Replies

owillins
Level 6

You are hitting bug CSCse26754. ACS/ACSE Administration may do limited session validation. After successful login, ACS does only limited session validation by matching the IP alone. This is due to a weakness in the default configuration of ACS.

Just so I'm understanding that bug, you're using port 2002 to log in, but after a successful login you then use a random port from 1024 and up to 6xxxx. Thereafter, ACS will only look at port and not the IP address. I'm not sure how that relates to my experience of ACS not being able to authenticate users through to Novell or Active Directory after a period of time? It will say authentication failed if you telnet to a device that does AAA or log in through VPN client off a concentrator who is talking to ACS for AAA.