
just a small question about ACS v3.0 for Windows

aessome
Level 1

Hello Guys,

Because we are going to install some memory on our primary TACACS server, I want to get more information about the redundancy issue. We are using ACS1 and ACS2 (red), and both are configured on our PIX like this:

aaa-server acs1 protocol tacacs+

aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200

aaa-server acs2 protocol tacacs+

aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200

What will happen if we shut down the primary ACS? Will ACS2 automatically authenticate my users?

Thanks for any help.

AEF


r.vanwolferen
Level 1

Hello,

For the PIX configuration: if it can't make a connection to the first TACACS server (203), it will send its answer to the second one (204). So you can shut down the primary ACS.

Don't forget to configure what action should be authenticated (e.g. telnet).

For your ACS, you must configure which one is primary and which one is secondary. If this is configured well, the created users are synchronized to the backup server and that one can authenticate the user then. So be sure that the ACS is configured correctly.

Good luck.

Thanks for your answers.

About the configuration "what action should be authenticated (e.g. telnet)":

The primary is now working correctly, and the replication also. I think the same configuration from ACS1 must match ACS2? The user profile on ACS1 must be the same on ACS2 via backup and replication, or not?

Thanks

That's correct,

What I meant was that you didn't give the complete configuration. If you are configuring the PIX for the first time, you must tell the PIX what action must be taken to authenticate.

You must always configure the 2 servers with the same configuration. Some configurations can be replicated, others must be made by yourself.

After that you can turn off one server without losing connections.

Greetings

Hello

My config looks like this:

aaa-server acs1 protocol tacacs+

aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200

aaa-server acs2 protocol tacacs+

aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200

Both servers are configured the same. The only action I configured on the PIX is authentication:

crypto map mymap client authentication acs1

I cannot give the second server here:

crypto map mymap client authentication acs2

This command overwrites the first one.

Can anyone tell me how to configure two TACACS on the PIX? Any config samples?

Thanks

AFE
