A dispersed ACS deployment is useful for organizations that have campuses located throughout the world. There may be a home campus where the primary network resides, but there may be additional LANs, sized from small to large, in campuses in different regions.
To optimize AAA performance, each of these remote campuses should have its own AAA infrastructure. See Figure 1-5. The centralized management model should still be used to maintain a consistent, synchronized AAA policy.
A centralized-configuration, primary ACS server and separate Monitoring and Report server should still be used. However, each of the remote campuses will have unique requirements.
Just out of curiosity, is your DNS environment replicated between both sites? If not, you can try to create another DNS alias (CNAME) and have site A resolve to primary and site B resolve to secondary. Then create another alias record which reverses the order at both sites?
DNS is separate but contains overlapping info for both locations. The LDAP server name is configured on both sides, although I guess I could call it something completely different; however, the LDAP store was configured with IP addresses originally. I will have to think about it.
Thanks for the idea.
At this point I have deregistered the secondary and edited the access policy to use the local resources.
For the MAC filtering, I am thinking that I will update campus 1 and export the CSV.
Yes, only if I have primary and secondary set up, but I can't figure out a way for campus 2 to point to local resources, so currently it's detached. The CNAME would have done the trick, but our LDAP servers share the same DNS name, so I can't use a CNAME because it would still send LDAP requests to campus 1 due to the round robin.
Here is a guide that explains how you can process DNS replies based on the client's source IP address. This may allow you to resolve the DNS queries per your design. I didn't get a chance to get deep into this, but I thought this would be something you were after:
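One way to do what that guide describes is BIND 9 views: the same shared LDAP name answers with the local server depending on the client's source subnet, so no per-site alias is needed. This is an added example, not the guide's or the thread's own configuration; the domain, subnets, host names and addresses are constructed placeholders.

```conf
// --- /etc/bind/named.conf.local (BIND 9) ---
// Classify clients by source subnet (constructed campus ranges).
acl "campus1-clients" { 10.1.0.0/16; };
acl "campus2-clients" { 10.2.0.0/16; };

// Each view serves its own copy of the zone; the first matching view wins,
// so list the most specific ACLs first if ranges overlap.
view "campus1" {
    match-clients { campus1-clients; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.campus1";
    };
};

view "campus2" {
    match-clients { campus2-clients; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.campus2";
    };
};

; --- /etc/bind/db.example.com.campus1 (answers seen by campus 1) ---
$TTL 300
@       IN  SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
        IN  NS  ns1.example.com.
ns1     IN  A   10.1.0.53
ldap-c1 IN  A   10.1.0.10      ; campus 1 LDAP server (constructed)
ldap-c2 IN  A   10.2.0.10      ; campus 2 LDAP server (constructed)
ldap    IN  CNAME ldap-c1      ; shared name resolves to the local server

; --- /etc/bind/db.example.com.campus2 (answers seen by campus 2) ---
$TTL 300
@       IN  SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 604800 300 )
        IN  NS  ns1.example.com.
ns1     IN  A   10.1.0.53
ldap-c1 IN  A   10.1.0.10
ldap-c2 IN  A   10.2.0.10
ldap    IN  CNAME ldap-c2      ; campus 2 gets its own server, no round robin
```

Check the files with `named-checkconf` and `named-checkzone example.com <file>`, then query `ldap.example.com` from a host in each subnet to confirm each campus gets its local address. Note that DNS no longer provides failover between campuses; that has to come from the ACS primary/secondary server list in each access policy.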