02-18-2004 01:30 PM - edited 03-10-2019 07:40 AM
Hi,
we are testing Secure ACS 3.2 Appliance and authentication against AD via remote agents. When two ore more remote agents are registered with the appliance from the network menu, is the Appliance intelligent enough to try the second remote agent machine if it cannot talk to the first one? We tested this failover by stopping the remote agent service on the first domain controller where it was installed. However, failover does not seem to be happening... We want to know if this failover is supposed to work, and if so what we may need to do to make it work.
Yoshi Nagase
Solved! Go to Solution.
02-26-2004 01:06 AM
HI,
I'm implementing a solution similar to yours...2 Appliance ACS with 2 remote Agent...
I've defined the remote agents both on Network Configuration and on External user DB - Windows database - Windows remote Agent Selection.
On this menu set Primary and Secondary remote Agent
Hth
Omar
02-25-2004 07:33 AM
The following URL should give you a better idea,
http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_book09186a0080193ab6.html
02-25-2004 06:03 PM
Thanks a lot for your response!
I went through the user guide (not cover to cover), but could not find where failover of remote agents was discussed. Can you let me know which section discusses this topic?
Best Regards,
Yoshi Nagase
02-26-2004 01:06 AM
HI,
I'm implementing a solution similar to yours...2 Appliance ACS with 2 remote Agent...
I've defined the remote agents both on Network Configuration and on External user DB - Windows database - Windows remote Agent Selection.
On this menu set Primary and Secondary remote Agent
Hth
Omar
02-26-2004 09:23 PM
Omar,
thank you very much for the information! This looks very promising. I will try this tomorrow. Is fault tolerance configuration working for you? Are you specifying multiple configuration providers in the ini file for remote agent?
Regards,
Yoshi
02-26-2004 11:25 PM
HI,
I'm trying to implement...I hope it will work.
You can configure only one Configuration Provider in the ini file.
If you have 2 RA and 2 ACSs the first RA will use as Configuration Provider the first ACS and so on...but for WinAuthentication setup on ACS the RA both on network Config and on External DB Windows Remote Agent Selection so that you should benefit for taulerance
03-02-2004 03:55 PM
Omar,
thank you very much for sharing the information. I have finally tested the failover, both from AP to 2 ACSes, and from ACSes to RA's, and they are working well now.
Best Regards,
Yoshi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide