There are two ACS servers: one sits on the inside of an ASA 5510 at the head office, and the other sits on the inside of an ASA 5510 at the hot site.
Those ASA 5510s were put in to replace two PIX 515Es, and the claim is that since the ASAs went in, replication has stopped working. This of course makes no sense to me, since there is communication between the ACS servers and the firewall is not dropping anything whenever 'replicate now' is issued.
Unfortunately I don't know much about ACS, so is there anything I can look for to help troubleshoot this? The ACS logs say:
WARNING Cannot replicate to 'server4' - server not responding
Which doesn't help much. Is there any way to get more detailed log info that could point to an issue? Thanks.
ACS uses port TCP/2000 for replication. This port is also used by the skinny protocol, making the port used by ACS replication process.
ACS replication from primary to secondary fails, the primary reports that it can't contact the secondary, and the secondary does not show any replication activity from the primary.
A firewall between the two ACS servers is configured to inspect the skinny protocol, which uses the same port (TCP/2000) as the ACS replication process.
If you do not have a call manager behind your firewall, please disable skinny inspect if it is enabled.
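! Under the global policy, take the skinny inspection out of the class inspection_default
! (global_policy is the ASA default policy-map name; use yours if it differs)
policy-map global_policy
 class inspection_default
  no inspect skinny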
You need to do this on both sides.
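A way to check a saved ASA configuration for the condition described in the answer above, as an added example that is not part of the original thread: it reports every policy-map and class where `inspect skinny` is active and where that policy is applied. The sample configuration is constructed, and the function name `find_skinny_inspection` is hypothetical.

```python
import re

# Constructed sample of ASA "show running-config" output (not from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect skinny
  inspect sip
!
service-policy global_policy global
"""


def find_skinny_inspection(config_text):
    """Return (policy_map, class, applied_to) for each active 'inspect skinny'."""
    # service-policy lines bind a policy-map globally or to one interface.
    applied = {}
    pattern = r"^service-policy +(\S+) +(global|interface +\S+)[ \t]*$"
    for m in re.finditer(pattern, config_text, re.M):
        applied.setdefault(m.group(1), []).append(m.group(2))

    findings = []
    policy = cls = None
    for line in config_text.splitlines():
        if not line.startswith(" "):
            # Top-level command: a new layer 3/4 policy-map starts here, or the
            # current block ends. "policy-map type inspect ..." does not match.
            m = re.match(r"policy-map +(\S+)[ \t]*$", line)
            policy, cls = (m.group(1) if m else None), None
            continue
        words = line.split()
        if policy and len(words) == 2 and words[0] == "class":
            cls = words[1]
        elif policy and cls and words[:2] == ["inspect", "skinny"]:
            for target in applied.get(policy, ["not applied"]):
                findings.append((policy, cls, target))
    return findings


if __name__ == "__main__":
    for policy, cls, target in find_skinny_inspection(SAMPLE_CONFIG):
        print(f"inspect skinny active: policy-map {policy}, class {cls}, {target}")
```

Run it against the saved configuration of both firewalls; an empty result means skinny inspection is not enabled in any policy-map on that ASA.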