Because you are using RSA ACE agent (i.e. sdconf.rec)
So from ACS point of view, ACS has RSA Secure ID as the External Database.
So one you have configured both ACS servers properly with RSA ACE Agent (i.e. External User Databases on ACS is okay).
then you simply need to replicate the configuration from Primary ACS Server to secondary ACS server. But Remember that External Database configuration section is not replicated, so ensure that External Database part is configured first on both the servers before moving for Replication part.
Now as both the ACS database will have users and pointing to RSA Secure ID.
So it totally depends on RSA ACE client, how it flip flops between the redundant RSA servers in its configuration.
As ACS will proxy the request to RSA ACE client for authentication.
Now because you have ACS and RSA on same server.
One thing you need to ensure is that on the NAS(Router, Switch, AP, Firewall etc) devices,
You have configured both the ACS(and RSA) server's IP address.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...