
ACS replication and NAT

r-marchetti
Level 1

Hi all,

I've the following question: is it possible to set up replication between 2 servers running the same version of ACS, but with 1 server behind a PIX running static NAT (the private IP address of one server is statically mapped to a public address)?

I was able to manage the replication when the two servers were on the same LAN, but when I move the second server to the private LAN I obtain the error "shared secret mismatch".

Any idea?

Thanks

Regards

Roberto

2 Replies

gfullage
Cisco Employee

ACS versions 3.1 and greater will not work with replication and NAT'ing. The security of the replication process was increased in these versions, and the originating server hashes its own IP address (the non-NAT'd version of it) into the data to be used as part of the verification process.

If the receiving server sees this from a different IP address due to the NAT'ing then it will fail and produce the "shared secret mismatch" error you're seeing.

Sorry, no way around it unfortunately.
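
The behaviour described in the reply above, as an added illustration that is not part of the original thread and not Cisco's code: a sender binds its own address into a keyed hash, and the receiver recomputes it from the source address it observes. The HMAC-SHA256 construction, the message layout, the function names and the addresses are assumptions made for the sketch; the actual ACS algorithm is not documented on this page.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret"  # constructed sample value


def make_tag(secret: bytes, ip: str, payload: bytes) -> bytes:
    # Assumed layout: address, NUL separator, then the replicated data.
    msg = ip.encode() + b"\x00" + payload
    return hmac.new(secret, msg, hashlib.sha256).digest()


def receive(secret: bytes, observed_src_ip: str, payload: bytes, tag: bytes) -> str:
    # The receiver only knows the source address it sees on the connection.
    expected = make_tag(secret, observed_src_ip, payload)
    if hmac.compare_digest(expected, tag):
        return "ok"
    # An address mismatch and a wrong secret fail the same comparison,
    # so both surface as the same error.
    return "shared secret mismatch"


def replicate(sender_ip: str, nat: dict, payload: bytes,
              sender_secret: bytes = SECRET,
              receiver_secret: bytes = SECRET) -> str:
    # Sender hashes its own, non-NAT'd address into the tag.
    tag = make_tag(sender_secret, sender_ip, payload)
    # Static NAT rewrites the source address before the receiver sees it.
    observed = nat.get(sender_ip, sender_ip)
    return receive(receiver_secret, observed, payload, tag)


if __name__ == "__main__":
    data = b"constructed replication payload"
    # Same LAN, no translation.
    print(replicate("192.0.2.10", {}, data))
    # Sender behind static NAT, secrets identical on both sides.
    print(replicate("10.0.0.5", {"10.0.0.5": "198.51.100.20"}, data))
    # No NAT, but the secrets really do differ.
    print(replicate("192.0.2.10", {}, data, sender_secret=b"wrong"))
```

The second and third cases return the same error, which is why a correct shared secret can still be reported as a mismatch once NAT sits between the servers.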

Hi,

Could you please send me a document where this "limitation" is highlighted, because we have to give the customer some reasons for that.

Thanks

Regards

Roberto