ACS SE Replication through Firewall

lolichet
Level 1

Hi all,

I'm setting up replication on a pair of ACS SE 3.3. The ACSs are on two different subnets separated by a firewall.

The 'AAA Server' tabs are filled with the same key on both servers (self + remote).

I have set up the ACS001 to replicate to ACS002.

Although I can see the TCP session on port 2000 established in the firewall log, in the ACS001 log I can see 'SRO-ACS002 not responding' after 5 minutes (i.e. the replication timeout).

Any idea?

Thank you very much.

Cheers.

Laurent.

2 Replies

miklos.andrasi
Level 1

Hi Laurent!

I assume you use 7.x.x software on the PIX or ASA. If that is the case, the skinny inspection drops the ACS replication packets. Unfortunately, there is a bug that means you can't see the packets that are dropped by the SKINNY inspection.

I hope I could help you.

Best Regards,

Miklos Andrasi

Hungary

Hi Miklos,

Thank you for your answer. The customer is using Netscreen Firewalls, not PIX or ASA.

I will try to check if there is a special treatment for skinny traffic.

Thanks.

Best regards,

Laurent.
