Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
2
Replies

Cisco ACS 4.1 replication and RSA SecurID integration

kevin.jones1
Level 1
Level 1

‎10-18-2007 04:11 PM - edited ‎03-10-2019 03:27 PM

I have Cisco ACS 4.1 build 23 patch 5 installed on

Windows 2003 Enterprise Edtition Server with

Service Pack 2. This Win2k3, called Win2k3-AD1,

is also an AD controller. On this AD controller

I also installed RSA SecurID Server and I integrate

SecurID with Cisco ACS. I also integrated Cisco

ACS with Microsoft LDAP on the same box.

Now I would like to install Cisco ACS 4.1 build 23

patch 5 on another W2k3 enterprise edition server,

called win2k3-AD2, AD controller and then I want

to replicate ACS between win2k3-AD1 and win2k3-AD2.

Will that work and what about the SecurID part?

Can I use both boxes for load-sharing? Like

half of my devices will go to win2k3-AD1 for

authentication and half of devices will go to

win2k3-AD2 for authentication. How will these

ACS servers handle SecurID integration?

Having a single ACS is easy with SecurID

integration, but adding another ACS makes thing

more complicated.

Comments?

Labels:
0 Helpful
2 Replies 2

Jagdeep Gambhir
Level 10
Level 10

‎10-19-2007 08:54 AM

You need to set external data setting on the second acs manually as replication does not cover it. Other way around is to take backup from primary and restore it to secondary.

Once done only things you need to be careful about IP address change in secondary.

Yes can set up load balancing , lets says you have two sites 1 and 2 . Each site have individual acs

Site 1 Site 2

ACS1 ACS 2

Now for site 1 aaa clients you need to define acs1 as primary and acs 2 as secondary ...where in on Site 2 aaa clients you need to define acs2 as primary and acs1 as secondary.

Hope that helps

~Regards,

~JG

Please rate helpful posts

0 Helpful

kevin.jones1
Level 1
Level 1
In response to Jagdeep Gambhir

‎10-19-2007 09:36 AM

I know that type of load-balancing. What

I am referring to is to put 2 ACS behind a

load balancer like a F5 BigIP so it will

balance that way. I wonder if it will work

that that way. I want all devices in my network

to have unify configuration.

you said: "You need to set external data setting on the second acs manually as replication does not cover it. Other way around is to take backup from primary and restore it to secondary."

Are you telling me that the secondary ACS

will work with RSA too? If so, how?

Did you get it working in either a lab

or production environment?

0 Helpful
Customers Also Viewed These Support Documents