Cisco Secure TACACS replication failing

nickyh_is
Level 1

Hi, since we upgraded our PIX to version 7, TACACS replication has been failing with a 'server not responding message'. Nothing has changed on the servers and I see a connection on port 2000 made through the firewall which is active for 5 mins (the timeout set on the server). Can anyone help with ideas for troubleshooting, please?

thanks

Nicky

3 Replies

Sounds like a key (secret_value) mismatch between the PIX and the CS server.

Thanks, but the key hasn't changed and it doesn't give any message about the key failing?

Vivek Santuka
Cisco Employee

Hi,

On Pix 7.x skinny inspection is enabled by default. Skinny inspection will break ACS replication since it uses port 2000 also.

Disable skinny inspection from any policy map which is applied on pix.

Regards,

Vivek
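
A check for the condition described in the reply above, as an added example that is not part of the original thread: it scans a saved PIX 7.x running-config for `inspect skinny` under any policy map, reports whether that map is applied with `service-policy`, and builds the config-mode lines that remove it. The sample config and the function names are constructed for illustration; `global_policy` and `inspection_default` are the PIX 7.x default names.

```python
import re

# Constructed sample of a PIX 7.x running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect skinny
  inspect sqlnet
policy-map dmz_policy
 class inspection_default
  inspect http
service-policy global_policy global
"""

def find_skinny_inspection(config):
    """Return [(policy_map, class_name, applied)] for every 'inspect skinny' line."""
    # Policy maps that are actually attached globally or to an interface.
    applied = set(re.findall(r"^service-policy\s+(\S+)", config, re.M))
    hits, pmap, cls = [], None, None
    for line in config.splitlines():
        stripped = line.strip()
        if not line.startswith(" "):
            # A top-level command ends the previous policy-map block.
            m = re.match(r"policy-map\s+(\S+)", line)
            pmap, cls = (m.group(1) if m else None), None
        elif pmap and stripped.startswith("class "):
            cls = stripped.split()[1]
        elif pmap and cls and re.fullmatch(r"inspect\s+skinny(\s.*)?", stripped):
            hits.append((pmap, cls, pmap in applied))
    return hits

def removal_commands(hits):
    """Build the config-mode lines that drop skinny inspection from applied maps."""
    cmds = []
    for pmap, cls, applied in hits:
        if applied:
            cmds += [f"policy-map {pmap}", f" class {cls}", "  no inspect skinny"]
    return cmds

if __name__ == "__main__":
    hits = find_skinny_inspection(SAMPLE_CONFIG)
    for pmap, cls, applied in hits:
        print(f"{pmap}/{cls}: inspect skinny (applied={applied})")
    print("\n".join(removal_commands(hits)))
```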