Cisco Support Community

New Member

Replicating ACS Database From Primary to Secondary Over NAT

Does anyone know whether it is possible to replicate the ACS database when the primary and the secondary ACS servers reside in two different DMZs? All traffic leaving the DMZ must be NATted. I am receiving a "key mismatch" error on the secondary server, which denies the authentication from the primary server, even though I know that the shared secret key is the same on both servers. Would this "key mismatch" be related to the nature of NAT? Please advise....

Cisco Employee

Re: Replicating ACS Database From Primary to Secondary Over NAT

Yes, you cannot do replication between two ACS servers that are using NATted IP addresses. The secret key plus the AAA server IP address is the authentication function, so if the AAA server IP is different, the authentication will fail. Using NAT for replication is not yet supported and will not work.