Hi,
I have in the last 6 months migrated all of our network appliances and VPN users from our old Windows ACS V4 to a V5.4 appliance which is behind a firewall on our management LAN. I have now stopped the old ACS but, to ensure we did not get locked out of any network devices that were missed during the migration, I came up with the following plan.
1. Put a static route on our network to point requests to the old ACS server to the outside interface of the management firewall.
2. Apply a NAT to these requests to translate them to the IP address of the new management firewall.
3. Apply an access rule to allow tacacs requests on TCP/49 through the firewall.
This did not work as planned, and after tracing traffic through the network, the access rules were being hit and traffic was passing through the firewall; however, ACS service requests were being denied. Has anyone any thoughts as to why this would occur? Any ideas would be appreciated.
Regards,
Dan.