Cisco Support Community

New Member

just a small question about ACS v3.0 for Windows

Hello Guys,

Because we are going to install some memory on our primary TACACS server, I want to get more information about the redundancy issue. We are using ACS1 and ACS2 (red) and both are configured on our PIX like this:

aaa-server acs1 protocol tacacs+

aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200

aaa-server acs2 protocol tacacs+

aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200

What will happen if we shut down the primary ACS? Will ACS2 automatically authenticate my users?

Thanks for any help.

AEF

4 REPLIES
New Member

Re: just a small question about ACS v3.0 for Windows

Hello,

For the PIX configuration: if it can't make a connection to the first TACACS server (203), it will send its answer to the second one (204). So you can shut down the primary ACS.

Don't forget to configure what action should be authenticated (e.g. telnet).

For your ACS, you must configure which one is primary and which one is secondary. If this is configured well, the created users are synchronized to the backup server and that one can then authenticate the user. So be sure that the ACS is configured correctly.

Good luck.

New Member

Re: just a small question about ACS v3.0 for Windows

Thanks for your answers.

About the configuration "what action should be authenticated (e.g. telnet)":

The primary is now working correctly and the replication also. I think the same configuration from ACS1 must be matched on ACS2? The user profile on ACS1 must be the same on ACS2 via backup and replication, or not?

Thanks

New Member

Re: just a small question about ACS v3.0 for Windows

That's correct,

What I meant was that you didn't give the complete configuration. If you are configuring the PIX for the first time, you must tell the PIX what action must be taken to authenticate.

You must always configure the 2 servers with the same configuration. Some configurations can be replicated, others must be made by yourself.

After that you can turn off one server without losing connections.

Greetings

New Member

Re: just a small question about ACS v3.0 for Windows

Hello

My config looks like this:

aaa-server acs1 protocol tacacs+

aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200

aaa-server acs2 protocol tacacs+

aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200

Both servers are configured the same. The only action I configure on the PIX is authentication:

crypto map mymap client authentication acs1

I cannot give the second server here:

crypto map mymap client authentication acs2

This command overwrites the first one.

Can anyone tell me how to configure two TACACS servers on the PIX? Any config samples?

Thanks

AFE
