https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955643#M419645 <P>We have 2 ACS appliances that are separated by a WAN.</P><P></P><P>Both appliances are at the same software version and I have replication set up per Cisco's (as well as others') directions.</P><P></P><P>When I run replication, I get the error "Cannot replicate to 'ciscoacs2' - server not responding".</P><P></P><P>If I try replication in the other direction, I get the same error.</P><P></P><P>I can ping both appliances and access the web interface from both subnets.</P><P></P><P>There is a firewall between them, but I have port 2000 open and I do not see any other deny messages relating to the ACS replication in the firewall logging.</P><P></P><P>I ran a sniffer on the receiving appliance's port and got the following:</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [SYN] Seq=0 Win=65535 Len=0 MSS=1380</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [ACK] Seq=1 Ack=1 Win=65535 Len=0</P><P></P><P>10.127.80.63 10.127.101.5 TCP cisco-sccp &gt; evb-elm [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [RST] Seq=25 Win=0 Len=0</P><P></P><P>10.127.80.63 10.127.101.5 TCP [TCP Dup ACK 1515#1] cisco-sccp &gt; evb-elm [ACK] Seq=1 Ack=1 Win=65535 Len=0</P><P></P><P>Logging on the devices themselves is terrible, so I really have no idea what would be causing replication to fail.</P><P></P><P>Thanks.</P><P></P><P>Jason</P> Sun, 10 Mar 2019 22:43:23 GMT jwilliams 2019-03-10T22:43:23Z https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955643#M419645 <P>We have 2 ACS appliances that are separated by a WAN.</P><P></P><P>Both appliances are at the same software version and I have replication set up per Cisco's (as well as others') directions.</P><P></P><P>When I run replication, I get the error "Cannot replicate to 'ciscoacs2' - server not responding".</P><P></P><P>If I try replication in the other direction, I get the same error.</P><P></P><P>I can ping both appliances and access the web interface from both subnets.</P><P></P><P>There is a firewall between them, but I have port 2000 open and I do not see any other deny messages relating to the ACS replication in the firewall logging.</P><P></P><P>I ran a sniffer on the receiving appliance's port and got the following:</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [SYN] Seq=0 Win=65535 Len=0 MSS=1380</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [ACK] Seq=1 Ack=1 Win=65535 Len=0</P><P></P><P>10.127.80.63 10.127.101.5 TCP cisco-sccp &gt; evb-elm [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460</P><P></P><P>10.127.101.5 10.127.80.63 TCP evb-elm &gt; cisco-sccp [RST] Seq=25 Win=0 Len=0</P><P></P><P>10.127.80.63 10.127.101.5 TCP [TCP Dup ACK 1515#1] cisco-sccp &gt; evb-elm [ACK] Seq=1 Ack=1 Win=65535 Len=0</P><P></P><P>Logging on the devices themselves is terrible, so I really have no idea what would be causing replication to fail.</P><P></P><P>Thanks.</P><P></P><P>Jason</P> Sun, 10 Mar 2019 22:43:23 GMT https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955643#M419645 jwilliams 2019-03-10T22:43:23Z https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955644#M419646 <HTML><HEAD></HEAD><BODY><P>One update if it will help. I've been doing some research and I found that ACS replication doesn't like NAT and replication will fail if the IP address is changed through NAT.</P><P></P><P>While NAT is running on the firewall that our ACS appliance is behind, there is a static mapping to basically keep the NAT address the same. So NAT is being applied, but NAT is just giving it the same address.</P><P></P><P>I don't know if the NAT process is what's causing the problem? Based on the sniff I posted earlier, the source address of 101.5 is the IP of the ACS appliance.</P><P></P><P>Taking the device out from behind the firewall could be an option, but it would be a last resort because we would then need to reconfigure all of our equipment to point to the new address, and we have a lot of equipment.</P><P></P><P>Thanks.</P><P></P><P>Jason</P></BODY></HTML> Thu, 20 Mar 2008 15:36:04 GMT https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955644#M419646 jwilliams 2008-03-20T15:36:04Z https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955645#M419647 <HTML><HEAD></HEAD><BODY><P>Following links may help you</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml</A></P></BODY></HTML> Thu, 20 Mar 2008 18:22:48 GMT https://community.cisco.com/t5/network-access-control/issues-with-acs-replication/m-p/955645#M419647 tstanik 2008-03-20T18:22:48Z