Cisco Support Community

New Member

Administrative sessions on ACS

I have an ACS that handles authentication/authorization for our VPN Concentrator. I noticed more and more that I have to reboot the ACS frequently because it would stop authenticating folks at some point. When I try to log in, it kicks back with an error indicating maxed administrative sessions. ACS should time out sessions if they aren't being used, correct?

2 REPLIES
Silver

Re: Administrative sessions on ACS

You are hitting bug CSCse26754. ACS/ACSE Administration may do limited session validation. After successful login, ACS does only limited session validation by matching the IP alone. This is due to a weakness in the default configuration of ACS.

New Member

Re: Administrative sessions on ACS

Just so I'm understanding that bug, you're using port 2002 to log in, but after a successful login you then use a random port from 1024 and up to 6xxxx. Thereafter, ACS will only look at port and not the IP address. I'm not sure how that relates to my experience of ACS not being able to authenticate users through to Novell or Active Directory after a period of time? It will say authentication failed if you telnet to a device that does AAA or log in through a VPN client off a concentrator that is talking to ACS for AAA.
