Cisco Support Community
Community Member

Dual ACE servers dial-up VPN on a 3600 router

We currently have VPN users connecting through a 3640 router and want to add a 2nd RSA ACE server.

The 3640 is using IOS 12.3

Does any one know if this will support a 2nd RSA server?

Hall of Fame Super Gold

Re: Dual ACE servers dial-up VPN on a 3600 router


Some more detail about what you are doing would be helpful and enable us to give you better answers. Would I be correct in assuming that if you are terminating VPN sessions on the 3640 that you are using TACACS or Radius to authenticate with the RSA server? If so then I believe that the answer is affirmative - the 3640 does support a second TACACS or Radius server.



Community Member

Re: Dual ACE servers dial-up VPN on a 3600 router

you can use native Radius Server that comes with

RSA Server to autheticate VPN users. You can

add a second RSA Server replica (provided you

have the primary RSA server in place) and it

will replicate the user database from the

primary RSA to the secondary RSA. From the

Cisco 3640, you will have two Radius entries,

one with the IP address of the primary RSA

server and another entry with the IP address

of the secondary RSA server.

I am using RSA server to terminate vpn users

on my cisco 2621 routers with this scenario

but my configuration is a bit more complicated

than yours. I have ACS server that will proxy

off the connection to the RSA Server (I

have RSA agent installed on the ACS). But the

first approach is much easier.

Good luck.


CCIE Security

Checkpoint CCSE NGx

CreatePlease to create content