
ACS3.0 VPN3030 IP Pools & AAA Authorization

I've been having trouble for some time now, trying to get IP Pools to work properly between my ACS server and VPN concentrator.

One thing I noticed within ACS is that AAA authorization needs to be enabled on NAS's that utilize ACS-based IP Pools. I've configured this as such on my AS5300 and it works like a champ; however, the concentrator has put up a fight.

I've configured the 3030 with the parameters for the ACS server in the authorization list, but the test always fails. I'm not clear on the user password information that's required in the authorization server settings though.

Any suggestions?

2 REPLIES

Re: ACS3.0 VPN3030 IP Pools & AAA Authorization

I think that the IP Pools feature doesn't replicate. The following document from the Cisco web site will be of help. Please take a look:

http://www.cisco.com/warp/public/471/altigagroup.html


Re: ACS3.0 VPN3030 IP Pools & AAA Authorization

Correct, the pools themselves do not replicate.

It appears that I've corrected the issue. I had AAA authentication going primary to ACS server #1 and AAA accounting going to ACS server #2.

Once I configured both AAA functions to go primary to the same ACS server, the issue disappeared. I suppose for IP pools to work properly, the ACS server needs to see the start/stop records so it knows when the addresses it has assigned are actually in use.
