Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACS3.1 Proxy Distribution to ACE problem

i have 2x ACS3.1 servers, and can get the first to proxy off a request to the second ACS [proxy distribution table]. This works 100% if the user has a local ACS db password on the 2nd ACS, but fails if 2nd ACS passes the authentication request on to ACE SecurID Server.

the flow is as follows:

1)user attempts authentication

2)ACS#1 receives authentication request and forwards onto ACS#2 as per Proxy Distribution table.

3)ACS#2 in turn passes this off to RSA ACE server

4)ACE passes authentication

5)ACS#2 receives ok from ACE and logs it in 'passed authentications'.

6)BUT user authentication request seems to time out !

Not sure if ACS#1 receives the ok from ACS#2 , or if ACS#1 does not send the ok to user? [If user has local ACS password on ACS#2 then all works ok].

any ideas?

thanks!

1 REPLY
Community Member

Re: ACS3.1 Proxy Distribution to ACE problem

an update:

i can get the proxy distribution to the ACS#2 with ACE authentication to work when attempting the authentication from an IOS router, but it fails from a VPN3000 concentrator....

thanks!

179
Views
0
Helpful
1
Replies
CreatePlease to create content