I recently upgraded to ACS 220.127.116.11.3 and when I try to configure replication I get "Cannot replicate to 'bos2-23-acs-1' - server not responding".
I can ping the IP and hostname listed above. Since we were using IPsec between sites, I also verified that the replication was being sent from the Master over port TCP 2000.
Our setup is as follows. Master in NY, Slave in Boston. The master has a few Replication Components selected that match the slave. Outbound Replication is set as per the schedule on the Master. The Replication Partner is selected from the list on the Master. On the Slave, matching Replication Components are selected. Outbound rep set to manual. The Master is listed as a AAA server (not partner). Inbound Replication is configured to accept replication from the Master with a 15 minute timeout (matches Master).
When I click "Replicate Now" from the Master, I get "Cannot replicate to 'bos2-23-acs-1' - server not responding". I have also tried a reboot and to pull from the slave (no luck).
1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication
2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.
3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.
4) Ensure that the secondary server has it's replication scheduling set to "manual".
5) Please verify that your servers are all running exactly the same ACS version and build.
6) Check if we have any firewall in between two acs servers. Incase you do , then please have your firewall checked and reconfigured to disable any inspection on port 2000.
I have tried the suggestions listed in the past two posts. I also checked the settings a second and third time. Unfortunately, it's still not working. Any chance I could debug this or enable detailed logging to see why it's failing?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :