Can set any IP on ACS 4.0 SE - accept the one I need
We are trying to upgrade from an ACS 3.2 for Windows server to our new ACS 4.0 SE box. We have upgraded the Windows box to 4.0, backed up the configuration and restored it to the new box. We have pointed a couple of clients to the new box for testing, and can authenticate. So far so good, but when we went to the final step, assigning the IP address of the old server to the new box, we had a problem ? the ACS SE box will not let us assign the address to the local NIC ? I get an message that the configuration could not be assigned to the NIC.
To go into detail on what was done:
The Windows server was changed from x.x.3.45 to x.x.0.45 (we use a 255.255.248.0 subnet mask), and rebooted.
On the ACS SE box, I used set IP to change the IP from x.x.0.20 (used for testing and setting up the configuration) to x.x.3.45. The system would not complete this step - This is when The system indicated that the configuration could not be applied to the NIC.
I then set the NIC to DHCP, which was success fully applied. I then set the NIC to x.x.3.46, which it also accepted. At this point I thought it may be doing DNS lookup, and seeing another host name for the IP, so I deleted the PTR record for x.x.3.45, and tried setting that as the IP again. I got the same response.
I thought it for some reason could be detecting an IP conflict, so I tried setting the IP to an address I knew was in use. As I expected, this did not work, but the error did say IP conflict ? and I was not getting that error on x.x.3.45.
At this point I moved the connection on the ACS to the other Ethernet interface, but that did not improve the issue.
I tried performing a reboot on the ACS box, but still could not set the desired IP address. At this point what I thought would be a 5 minute outage for VPN authentication had lasted 45 minutes, and I had to put the target address back on the Windows ACS server.
Any idea what is causing this? I can set the IP address of the ACS SE to any IP accept for the one that I need! Since we have 70+ Cisco devices that point to x.x.3.45 for authentication, we really do not want to change the address of our ACS.
Re: Can set any IP on ACS 4.0 SE - accept the one I need
It strikes me as odd that it will not let me set the IP address to the value that is already part of the restored config, since the product documentation gives this as the migration procedure. I'd think that this would be a common problem, but I can't find any reference to it.
I guess my next step is to schedule a longer outage, reload the appliance with a fress O/S, shut down the older server, give the appliance the correct IP and attempt to restore the config from the old box
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :