We have two Data Centres with the primary ACS server in one and I am trying to install a secondary ACS server in the second one.
They communicate at a TCP level but I can't get the second ACS to replicate the first one. They are both installed on Windows 2003 Server and they are both also DNS and domain controllers. In desperation I tried setting the timeout to 240 minutes and going home and leaving it, but to no avail.
ANY ideas will be welcome; don't think "he MUST have tried that", because I may not have.
The two data centres each have an ASA protecting them. As we are at the lab stage the ASAs are left open and the WAN is simulated via a couple of routers and a LAN. If I by-pass the ASAs and just use a routed connection, the two servers replicate. Going through the ASAs seems to stop replication from happening and the log of the second ACS is totally blank. A sniffer on the LAN picks up a heap load of packets between the two ACSs.
If I had a beard I would be stroking it and going hmmm while looking puzzled.
I think the beard idea works really well. You need to make sure it's good and long and bushy enough to hold several pencils ;)
...but back to replication. If you look in csauth/logs/auth.log on the master server, do you see replication error messages? Hint: look for strings of the form "replice(out)". If it's having trouble talking to the slave there will be heaps of errors.