12-01-2003 12:51 PM - edited 03-10-2019 07:35 AM
I've been having trouble for some time now, trying to get IP Pools to work properly between my ACS server and VPN concentrator.
One thing I noticed within ACS is that AAA authorization needs to be enabled on NAS's that utilize ACS based IP Pools. I've configured this as such on my AS5300 and it works like a champ, however the concentrator has put up a fight.
I've configured the 3030 with the parameters for the ACS server in the authorization list, but the test always fails. I'm not clear on the user password information that's required in the authorization server settings though.
Any suggestions?
12-05-2003 12:14 PM
I think that the IP Pools feature doesn't replicate. The following document from Cisco web site will be of help. Please take a look;
12-09-2003 07:15 AM
Correct, the pools themselves do not replicate.
It appears that I've corrected the issue. I had AAA authentication going primary to ACS server #1 and AAA accounting going to ACS server #2.
Once I configured both AAA functions to go primary to the same ACS server, the issue dissapeared. I suppose for IP pools to work properly, the ACS server needs to see the start stop records so it knows when the addresses it has assigned are actually in use.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide