ACS 5.4 1121 two NICs causes deny tcp (no connection) on ASA log

[Attachment: ASA ACS.jpg]

Hello,

I have two ACS 1121 appliances and we have configured a second NIC port (Gig 0 and 1) on the appliances in separate subnets.

Gig 0 Nic is configured with IP on my management VLAN 10.

Gig 1 Nic is configured on production VLAN 20 for TACACS authentication of my network devices.

The switch management IP is also in VLAN 10.

The ASA is spewing out Deny tcp (no connection) 49/ flags RST messages whenever I connect both ACS nics to network and attempt to login into my switch.

Seems like I have a routing issue. If I remove Gig 0 ASA does not complain with above error.

Switch has vlan 10 ip address as tacacs source interface and mgt ip.

Question : On the ACS 1121 appliance what should I set the ip default gateway to? VLAN 10 or VLAN 20 gateway?

Question: Should I remove the ip default gateway statement on the ACS appliance when I have two NICs connected?

Question: Will ACS 1121 attempt to respond to TACACS requests on both Gig 0 and 1 interfaces or just Gig 1?

We have a security requirement to have the ACS management interface in a mgt vlan (10) and another ACS interface for responding to tacacs request vlan (20).

Best regards

Scott


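The following is an added, constructed model and is not part of the original post or a reply to it. It shows the two mechanisms the questions above turn on: a dual-homed host picks the egress NIC for a reply by longest-prefix match on the destination (a directly connected subnet always wins over the default route, whichever gateway that route points at), and a stateful firewall that sees only one direction of a TCP flow eventually logs the other direction's segments as having no connection. Every address, interface name and firewall timer here is an assumption chosen for illustration (VLAN 10 as 10.10.10.0/24 on Gig0, VLAN 20 as 10.20.20.0/24 on Gig1, a switch at 10.10.10.50, the ACS TACACS+ address 10.20.20.5); the firewall is a simplified model, not ASA behaviour, and the result is an illustration of the pattern the post describes rather than a diagnosis of that network.

```python
"""Constructed model (not from the original post): egress NIC selection on a
dual-homed host, and a stateful firewall that saw only one direction of a flow.
All addresses, interface names and timers below are assumptions."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str                    # NIC the packet leaves on
    via: Optional[str] = None     # next hop; None means directly connected


class HostRoutes:
    """Longest-prefix-match lookup, as a host does for every packet it sends."""

    def __init__(self, routes):
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Route:
        addr = ipaddress.ip_address(dst)
        for r in self.routes:
            if addr in r.prefix:
                return r
        raise LookupError(f"no route to {dst}")


def acs_routes(default_via: str, default_iface: str) -> HostRoutes:
    """Assumed addressing: VLAN 10 = 10.10.10.0/24 on Gig0, VLAN 20 = 10.20.20.0/24 on Gig1."""
    return HostRoutes([
        Route(ipaddress.ip_network("10.10.10.0/24"), "Gig0"),
        Route(ipaddress.ip_network("10.20.20.0/24"), "Gig1"),
        Route(ipaddress.ip_network("0.0.0.0/0"), default_iface, default_via),
    ])


def acs_single_nic_routes() -> HostRoutes:
    """Same host with Gig0 unplugged: only VLAN 20 is directly connected."""
    return HostRoutes([
        Route(ipaddress.ip_network("10.20.20.0/24"), "Gig1"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "Gig1", "10.20.20.1"),
    ])


def reply_egress(acs: HostRoutes, client_ip: str) -> str:
    """NIC a reply to client_ip leaves on. The choice depends only on the
    destination address, never on which NIC the request arrived on."""
    return acs.lookup(client_ip).iface


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


@dataclass
class StatefulFirewall:
    """Simplified connection table: a SYN opens an embryonic entry, the reverse
    SYN-ACK establishes it, embryonic entries can expire, and any other segment
    must match an existing entry or is denied and logged."""
    conns: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def forward(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "SYN":
            self.conns[fwd] = "embryonic"
            return True
        if rev in self.conns and pkt.flags == "SYN-ACK":
            self.conns[rev] = "established"
            return True
        if fwd in self.conns or rev in self.conns:
            return True
        self.log.append(f"Deny tcp (no connection) from {pkt.src}/{pkt.sport} "
                        f"to {pkt.dst}/{pkt.dport} flags {pkt.flags}")
        return False

    def expire_embryonic(self) -> None:
        """Assumed timer: half-open entries that never saw a SYN-ACK are dropped."""
        self.conns = {k: v for k, v in self.conns.items() if v != "embryonic"}


def simulate_tacacs_login(acs: HostRoutes) -> list:
    """Switch 10.10.10.50 (VLAN 10) opens TACACS+ to the ACS Gig1 address
    10.20.20.5. The firewall routes between the two VLANs, so it only sees
    packets that actually cross from one VLAN to the other. Returns its deny log."""
    fw = StatefulFirewall()
    switch, acs_tacacs = "10.10.10.50", "10.20.20.5"
    fw.forward(Packet(switch, 40000, acs_tacacs, 49, "SYN"))     # VLAN 10 -> 20
    # The ACS answers from 10.20.20.5, but the destination is on whatever subnet
    # its routing table says; a reply leaving Gig0 stays in VLAN 10 and the
    # firewall never sees it, so the handshake never completes from its view.
    if reply_egress(acs, switch) == "Gig1":
        fw.forward(Packet(acs_tacacs, 49, switch, 40000, "SYN-ACK"))
    fw.expire_embryonic()
    fw.forward(Packet(switch, 40000, acs_tacacs, 49, "RST"))     # VLAN 10 -> 20
    return fw.log
```

With both NICs up, `reply_egress` returns "Gig0" for the VLAN 10 switch no matter which gateway the default route points at, so the default-gateway choice alone cannot change where that reply leaves; with only Gig1 connected the reply follows the default route back through the firewall and the simulated deny log stays empty.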