02-09-2007 06:55 AM - edited 03-10-2019 02:58 PM
Hi, since we upgraded our PIX to version 7, TACACS replication has been failing with a 'server not responding' message. Nothing has changed on the servers and I see a connection on port 2000 made through the firewall which is active for 5 mins (the timeout set on the server). Can anyone help with ideas for troubleshooting, please?
thanks
Nicky
02-09-2007 04:36 PM
Sounds like a key (secret_value) mismatch between the PIX and the CS server.
02-12-2007 08:38 AM
Thanks, but the key hasn't changed and it doesn't give any message about the key failing?
02-13-2007 06:52 AM
Hi,
On PIX 7.x, skinny inspection is enabled by default. Skinny inspection will break ACS replication since it also uses port 2000.
Disable skinny inspection in any policy map which is applied on the PIX.
Regards,
Vivek
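
The change described in the reply above, as an added example that is not part of the original thread. It assumes the firewall still uses the PIX 7.x default policy map `global_policy` with the default class `inspection_default`; if `show running-config policy-map` lists other names, substitute them.

```text
! Check which policy maps inspect skinny and where they are applied
show running-config policy-map
show running-config service-policy

! Remove skinny (SCCP) inspection from the default global policy
! (global_policy / inspection_default are the assumed default names)
configure terminal
policy-map global_policy
 class inspection_default
  no inspect skinny
  exit
 exit
exit

! Confirm skinny no longer appears in the applied policy, then save
show service-policy
write memory
```

Removing the inspection applies to all SCCP traffic matched by that class, so check whether any IP phones signal through this firewall before applying it.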