https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264727#M323408 <HTML><HEAD></HEAD><BODY><P>Hi,,</P><P></P><P>ACS uses port TCP/2000 for replication. This port is also used by the skinny protocol, making the port used by ACS replication process.</P><P></P><P>ACS replication from primary to secondary fails, the primary reports that it can't contact the secondary, and the secondary does not show any replication activity from the primary.</P><P></P><P>A firewall between the two ACS servers is configured to inspect the skinny protocol, which uses the same port (TCP/2000) as the ACS replication process.</P><P></P><P>If you do not have a call manager behind your firewall, please disable</P><P>skinny inspect if it is enabled.</P><P></P><P>#Under the global policy, take the skinny inspection out of the #class inspection_default,</P><P></P><P>no inspect skinny</P><P></P><P>You need to do this on both the side.</P><P></P><P>HTH</P><P></P><P>Jk</P><P></P><P>Plz rate helpful posts-</P><P></P></BODY></HTML> Thu, 05 Nov 2009 20:46:22 GMT Jatin Katyal 2009-11-05T20:46:22Z https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264726#M323407 <P>Hello All,</P><P></P><P>There are two ACS servers one sits on the inside of an ASA 5510 at the head office and the other sits on the inside of an ASA 5510 at the hot site. </P><P></P><P>Those ASA 5510s were put in to replace two PIX 515Es and the claim is that since the ASAs went in replication has stopped working. This of course makes no sense to me since there is communication between the ACS servers and the firewall is not dropping anything whenever 'replicate now' is issued.</P><P></P><P>Unfortunately I dont know much about ACS so is there anything I can look for to help troubelshoot this the ACS logs say </P><P></P><P>WARNING Cannot replicate to 'server4' - server not responding </P><P></P><P>Which doesnt help much is there any way to get more detailed log info that could point to an issue? Thanks.</P> Sun, 10 Mar 2019 23:46:44 GMT https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264726#M323407 kwillacey 2019-03-10T23:46:44Z https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264727#M323408 <HTML><HEAD></HEAD><BODY><P>Hi,,</P><P></P><P>ACS uses port TCP/2000 for replication. This port is also used by the skinny protocol, making the port used by ACS replication process.</P><P></P><P>ACS replication from primary to secondary fails, the primary reports that it can't contact the secondary, and the secondary does not show any replication activity from the primary.</P><P></P><P>A firewall between the two ACS servers is configured to inspect the skinny protocol, which uses the same port (TCP/2000) as the ACS replication process.</P><P></P><P>If you do not have a call manager behind your firewall, please disable</P><P>skinny inspect if it is enabled.</P><P></P><P>#Under the global policy, take the skinny inspection out of the #class inspection_default,</P><P></P><P>no inspect skinny</P><P></P><P>You need to do this on both the side.</P><P></P><P>HTH</P><P></P><P>Jk</P><P></P><P>Plz rate helpful posts-</P><P></P></BODY></HTML> Thu, 05 Nov 2009 20:46:22 GMT https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264727#M323408 Jatin Katyal 2009-11-05T20:46:22Z https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264728#M323409 <HTML><HEAD></HEAD><BODY><P>Wow that did the trick, thanks alot!!! I am concerned that this was not reflected in the firewall logs. I am assuming it was silently dropping it. Is there any way I can ensure that anything that is dropped is logged? </P></BODY></HTML> Thu, 05 Nov 2009 21:35:10 GMT https://community.cisco.com/t5/network-access-control/acs-3-2-2-build-5-replication-issue/m-p/1264728#M323409 kwillacey 2009-11-05T21:35:10Z