Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1623
Views
0
Helpful
2
Replies

ACS3.0 VPN3030 IP Pools & AAA Authorization

d.parks
Level 1
Level 1

‎12-01-2003 12:51 PM - edited ‎03-10-2019 07:35 AM

I've been having trouble for some time now, trying to get IP Pools to work properly between my ACS server and VPN concentrator.

One thing I noticed within ACS is that AAA authorization needs to be enabled on NAS's that utilize ACS based IP Pools. I've configured this as such on my AS5300 and it works like a champ, however the concentrator has put up a fight.

I've configured the 3030 with the parameters for the ACS server in the authorization list, but the test always fails. I'm not clear on the user password information that's required in the authorization server settings though.

Any suggestions?

Labels:
0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎12-05-2003 12:14 PM

I think that the IP Pools feature doesn't replicate. The following document from Cisco web site will be of help. Please take a look;

http://www.cisco.com/warp/public/471/altigagroup.html

0 Helpful

d.parks
Level 1
Level 1
In response to vkapoor5

‎12-09-2003 07:15 AM

Correct, the pools themselves do not replicate.

It appears that I've corrected the issue. I had AAA authentication going primary to ACS server #1 and AAA accounting going to ACS server #2.

Once I configured both AAA functions to go primary to the same ACS server, the issue dissapeared. I suppose for IP pools to work properly, the ACS server needs to see the start stop records so it knows when the addresses it has assigned are actually in use.

0 Helpful
Customers Also Viewed These Support Documents