02-11-2009 07:12 AM - edited 02-21-2020 10:22 AM
I have an ACS that handles authentication/authorization for our VPN Concentrator. I noticed more and more that I have to reboot the ACS frequently because it would stop authenticating folks at some point. When I try to log in, it kicks back with an error indicating maxed administrative sessions. ACS should time out sessions if they aren't being used, correct?
02-17-2009 11:54 AM
You are hitting bug CSCse26754. ACS/ACSE Administration may do limited session validation. After successful login, ACS does only limited session validation by matching the IP alone. This is due to a weakness in the default configuration of ACS.
02-17-2009 12:02 PM
Just so I'm understanding that bug: you're using port 2002 to log in, but after a successful login you then use a random port from 1024 and up to 6xxxx. Thereafter, ACS will only look at the port and not the IP address. I'm not sure how that relates to my experience of ACS not being able to authenticate users through to Novell or Active Directory after a period of time. It will say authentication failed if you telnet to a device that does AAA or log in through a VPN client off a concentrator that is talking to ACS for AAA.