05-31-2012 01:11 PM - edited 03-10-2019 07:09 PM
Greetings,
I have a simple ASA, ACS, AD schema for RA VPN authentication. All has been working for a few months now, but since the initial deployment we have had this connectivity issue regarding ACS and MS AD. At random intervals, 1 month/1 week, the ACS connection status becomes "DISCONNECTED" although the CLI shows that ad client is running. But because of that, no RA VPNs can be authenticated. Clock is not a problem, since it didn't change automatically nor was manually configured prior to the malfunction.
What do I do to fix this?
I change the domain name, from the currently working xx.com, to cisco.com for instance, so I can get an error message. Then I set the correct domain name again and click on "Test Connection" until I get a successful message so I can press Save Changes. That usually takes 10-15 tries.
After some research I've noticed a LOT of people have this same problem, even on ACS 5.3. I was wondering if anybody has an official solution. I'm not sure how to see the log messages on the ACS itself for further troubleshooting on this matter, but since a simple procedure like the above solves the problem, I'm thinking of a bug. And because of that, I'll apply the latest patch 5.2.0.26 (10) tonight, hoping it solves this odd behaviour.
Any thoughts?
Thanks in advance.
Regards, Daniel
05-31-2012 01:12 PM
This sub board is for Wireless Security Questions.
You would be better served to move this question to the Security > VPN boards
HTH,
Steve
-----------------------------------------
Please remember to rate useful posts, and mark questions as answered
05-31-2012 01:18 PM
Thanks for the tip. I've moved to the Security > AAA section now