04-16-2003 12:17 AM - edited 03-10-2019 07:15 AM
Hello Guys,
Because we are going to install some memory on our primary TACACS server, I want to get more information about the redundancy issue. We are using ACS1 and ACS2 (red), and both are configured on our PIX like this:
aaa-server acs1 protocol tacacs+
aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200
aaa-server acs2 protocol tacacs+
aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200
What will happen if we shut down the primary ACS? Will ACS2 automatically authenticate my users?
Thanks for any help.
AEF
04-16-2003 04:57 AM
Hello,
For the PIX configuration: if it can't make a connection to the first TACACS server (203), it will send its answer to the second one (204). So you can shut down the primary ACS.
Don't forget to configure what action should be authenticated (e.g. telnet).
For your ACS, you must configure which one is primary and which one is secondary. If this is configured well, the created users are synchronized to the backup server, and that one can then authenticate the user. So be sure that the ACS is configured correctly.
Good luck.
04-16-2003 05:30 AM
Thanks for your answers.
About the configuration "what action should be authenticated (e.g. telnet)":
The primary is now working correctly and the replication also. I think the same configuration from ACS1 must match on ACS2? The user profile on ACS1 must be the same on ACS2 via backup and replication, or not?
Thanks
04-16-2003 06:30 AM
That's correct,
what I meant was that you didn't give the complete configuration. If you are configuring the PIX for the first time, you must tell the PIX what action must be taken to authenticate.
You must always configure the 2 servers with the same configuration. Some configurations can be replicated, others must be made by yourself.
After that you can turn off one server without losing connections.
Greetings
04-17-2003 06:15 AM
Hello
My config looks like this:
aaa-server acs1 protocol tacacs+
aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200
aaa-server acs2 protocol tacacs+
aaa-server acs2 (raz) host 10.60.254.204 hallo timeout 200
Both servers are configured the same. The only action I configure on the PIX is authentication:
crypto map mymap client authentication acs1
I cannot give the second server here:
crypto map mymap client authentication acs2
This command overwrites the first one.
Can anyone tell me how to configure two TACACS servers on the PIX? Any config samples?
Thanks
AFE
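The failover described in the replies happens between hosts listed under one aaa-server group tag, while the configuration posted above defines two groups with one host each. An added example, not part of the original thread, that reuses the thread's interface name, addresses and key and places both hosts under the acs1 tag so the single crypto map line covers both:

```cisco
: Added example, not from the original posts.
: One server group (acs1) holding both ACS hosts. The PIX tries the
: hosts of a group in the order they were entered and moves to the
: next host only after the current one fails to answer within its timeout.
aaa-server acs1 protocol tacacs+
aaa-server acs1 (raz) host 10.60.254.203 hallo timeout 200
aaa-server acs1 (raz) host 10.60.254.204 hallo timeout 200
: The crypto map references the group tag, not an individual host.
crypto map mymap client authentication acs1
```

With the thread's timeout of 200, a login attempt made while 10.60.254.203 is down can wait that long before 10.60.254.204 is tried.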