Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
2
Replies

Cisco ACS 5.4 patch 6

cciesec2011
Level 3
Level 3

‎06-08-2014 02:40 PM - edited ‎03-10-2019 09:46 PM

Hi Everyone,

 

I have a Primary Cisco ACS, called CiscoACS1, version 5.4 patch 6 with an IP address of 1.1.1.1/24 and a Secondary ACS, called CiscoACS2, version 5.4 patch 6 with an IP address of 1.1.1.2/24.

Connectivity between them is ok, same subnets.  I register CiscoACS2 with CiscoACS1 and everything is working fine, including Active Directory.  Both of these ACSes are used to authenticate my network devices.

Every time I use the webUI to log into the Secondary ACS (https://CiscoACS2), I can see that the CiscoACS2 is synced with CiscoACS1, the status is always "UPDATED"

 

However, if I webUI into the Primary ACS (https://CiscoACS1), I always see CiscoACS2 as "pending". 

 

I've tried to do "full replication" and eventually it will show up as "UPDATED" but a few hours later, it will show up as "PENDING".

 

Anyone knows why?  Is this a "bug"?

 

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

abwahid
Level 4
Level 4

‎06-13-2014 06:16 AM

Hi,

If replication status on ACS1 GUI is showing pending then you know, full replication happens over the Sybase DB TCP port 2638, so your port need to be open in firewall.

0 Helpful

cciesec2011
Level 3
Level 3
In response to abwahid

‎06-14-2014 03:15 AM

Are you working for Cisco?  What do you mean by "port need to be open in firewall"?

Both CiscoACS1 and CiscoACS2 are sitting on the SAME subnet.  Why do I need to open ports on the firewall?

0 Helpful
Customers Also Viewed These Support Documents