I know that the ACS replicates the entire database from primary to secondary, and not vice-versa.. My scenario is:
primary ACS goes down, and the secondary takes over.. now, all user addition etc, is done on the secondary ACS.. now, when the primary comes back again, will it overwrite the secondary database and should we recreate the configs ? or is it that the secondary ACS replicates its data to primary ? its kinda confusing !
I'm gonna do ACS replication in a few days, and wanted to be really sure of this.
Right JG.. Just wanted to confirm on this ! Doesnt it look like a flaw :) There should have been something like HSRP or pre-empt concept here, but i know it is really tough to manage from NAD point of view..
The *only* safe way to manage this is to have a config master onto which all management is done.
Have this replicate to master and slave servers which service actual authentication traffic.
Since admin changes rarely cause ACS crashes its unlikely the primary would ever be unavailable for more than a few seconds (during initial stage of outbound replication, or someone clicks submit+restart)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...