I have 2 ACS SE boxes set up. One is the master, the other gets a copy of the DB via replication and is located in a different geographical area. I want failover for authentication and have installed the Windows agent on a server in the same network as the primary SE box and same for the secondary.
When I set up the agent that is on the network of the secondary, I set the ConfigproviderHost to be the secondary ACS SE box address. I'm wondering if this is accurate now since the agent does not show up with Windows Authentication but only Windows Logging when both were selected at install.
No changes were made to csagent.ini directly.
Should I point the Windows agent on the secondary ACS SE's network to the Primary ACS SE's address for the "ConfigProviderHost"? I would like failover for the agents as well, if possible.
I just read your post and would like to know where you get the "Windows agent" from. I also have two ACS SE boxes, and we have just started to move to a domain and Active Directory. Information about how to use AD for authentication is hard to find.
There is no need to make any change in the ini file. The remote agent will cater to both appliances. Why Windows authentication does not show up needs to be troubleshot.
Make sure that the software version of both ACS and the remote agent is the same. Try reinstalling the remote agent and see if that fixes it.
Otherwise, check whether any firewall is blocking the port between the secondary site RA and the primary ACS.
• The computer running ACS Remote Agent for Windows must be able to ping the ACS Solution Engines that it supports.
• Gateway devices must permit traffic between the computer running ACS Remote Agent for Windows and the ACS SE. Specifically, the remote agent must receive TCP communication on TCP ports that you configure in CSAgent.ini. The default TCP ports, if all services are used, are 2004, 2005, 2006, and 2007. The appliance must receive TCP communication on TCP port 2003.
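The firewall check suggested above can be scripted from the remote agent host. This is an added example, not part of the thread or any Cisco tooling; the function names and the 192.0.2.x addresses are hypothetical, and it assumes Python 3 is available on the agent machine.

```python
import socket

# Ports as stated in the post above; CSAgent.ini may override the agent-side ones.
ACS_APPLIANCE_PORT = 2003
AGENT_SERVICE_PORTS = (2004, 2005, 2006, 2007)

def tcp_reachable(host, port, timeout=3.0):
    """Attempt a TCP connect and return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        # Silent drop: typical of a firewall or gateway filtering the port.
        return False, "timeout (possibly filtered in transit)"
    except ConnectionRefusedError:
        # Host answered with a reset: path is open, but no service is bound.
        return False, "refused (reachable, nothing listening)"
    except OSError as exc:
        return False, f"error: {exc}"

def check_agent_paths(appliances, agent_addr="127.0.0.1",
                      appliance_port=ACS_APPLIANCE_PORT,
                      agent_ports=AGENT_SERVICE_PORTS, timeout=3.0):
    """Run on the remote agent host.

    1. agent -> each appliance on the appliance port (outbound path).
    2. agent's own service ports (confirms the services are listening).
    The appliance -> agent path through the gateway cannot be proven from
    the agent side; repeat the port test from a host on the appliance network.
    """
    rows = []
    for acs in appliances:
        ok, detail = tcp_reachable(acs, appliance_port, timeout)
        rows.append({"check": "agent -> appliance", "host": acs,
                     "port": appliance_port, "ok": ok, "detail": detail})
    for port in agent_ports:
        ok, detail = tcp_reachable(agent_addr, port, timeout)
        rows.append({"check": "agent listener", "host": agent_addr,
                     "port": port, "ok": ok, "detail": detail})
    return rows

if __name__ == "__main__":
    # Constructed documentation addresses; replace with both ACS SE addresses.
    for row in check_agent_paths(["192.0.2.10", "192.0.2.20"]):
        status = "OK  " if row["ok"] else "FAIL"
        print(f'{status} {row["check"]:<20} {row["host"]}:{row["port"]}  {row["detail"]}')
```

A timeout toward port 2003 on one appliance but not the other points at a gateway between the sites rather than at the agent installation.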