Re: Help with setting up Secondary ACS Server posted 04/20/2008
- Subject: Re: Help with setting up Secondary ACS Server
- From: "Cacca Mucca" <caccamucca@xxxxxxxxx>
- Date: Sun, 20 Apr 2008 18:49:08 +0200
- Cc: cisco@xxxxxxxxxxxxxx, "Cisco certification" <ccielab@xxxxxxxxxxxxxx>
- In-reply-to: <480AE9CB.email@example.com>
- References: <firstname.lastname@example.org> <480AE9CB.email@example.com>
I'll try your suggestions when I return to work tomorrow.
On Sun, Apr 20, 2008 at 8:59 AM, Christian Zeng <christian@xxxxxxxxx> wrote:
> * Cacca Mucca wrote:
> > 3. Modified both firewalls for all traffic between the two servers
> Make sure to disable skinny protocol inspection (pix/asa). I had that
> problem a week ago and received this hint from TAC.
> > 4. Followed Cisco documentation (an oxymoron)
> > a. Added both servers as AAA Servers on both databases
> > b. They both have the same shared secret
> On each ACS, not only the key for the other ACS must be set, but the key
> for "Self" must also be equal to the same shared key.
> > c. Primary is configured to send and secondary is configured
> > to receive
> Just to make sure: You configure "Internal database replication", not
> "database synchronization", correct?