topic Re: Cisco ACS 4.1 replication and RSA SecurID integration in Network Access Control

Cisco ACS 4.1 replication and RSA SecurID integration

kevin.jones1 — Sun, 10 Mar 2019 22:27:30 GMT

I have Cisco ACS 4.1 build 23 patch 5 installed on

Windows 2003 Enterprise Edtition Server with

Service Pack 2. This Win2k3, called Win2k3-AD1,

is also an AD controller. On this AD controller

I also installed RSA SecurID Server and I integrate

SecurID with Cisco ACS. I also integrated Cisco

ACS with Microsoft LDAP on the same box.

Now I would like to install Cisco ACS 4.1 build 23

patch 5 on another W2k3 enterprise edition server,

called win2k3-AD2, AD controller and then I want

to replicate ACS between win2k3-AD1 and win2k3-AD2.

Will that work and what about the SecurID part?

Can I use both boxes for load-sharing? Like

half of my devices will go to win2k3-AD1 for

authentication and half of devices will go to

win2k3-AD2 for authentication. How will these

ACS servers handle SecurID integration?

Having a single ACS is easy with SecurID

integration, but adding another ACS makes thing

more complicated.

Comments?

Re: Cisco ACS 4.1 replication and RSA SecurID integration

Jagdeep Gambhir — Fri, 19 Oct 2007 15:54:52 GMT

You need to set external data setting on the second acs manually as replication does not cover it. Other way around is to take backup from primary and restore it to secondary.

Once done only things you need to be careful about IP address change in secondary.

Yes can set up load balancing , lets says you have two sites 1 and 2 . Each site have individual acs

Site 1 Site 2

ACS1 ACS 2

Now for site 1 aaa clients you need to define acs1 as primary and acs 2 as secondary ...where in on Site 2 aaa clients you need to define acs2 as primary and acs1 as secondary.

Hope that helps

~Regards,

~JG

Please rate helpful posts

Re: Cisco ACS 4.1 replication and RSA SecurID integration

kevin.jones1 — Fri, 19 Oct 2007 16:36:55 GMT

I know that type of load-balancing. What

I am referring to is to put 2 ACS behind a

load balancer like a F5 BigIP so it will

balance that way. I wonder if it will work

that that way. I want all devices in my network

to have unify configuration.

you said: "You need to set external data setting on the second acs manually as replication does not cover it. Other way around is to take backup from primary and restore it to secondary."

Are you telling me that the secondary ACS

will work with RSA too? If so, how?

Did you get it working in either a lab

or production environment?