03-08-2007 07:56 AM - edited 03-10-2019 03:01 PM
I have two Secure ACS appliances - a primary and a secondary. The secondary is behind the firewall and so we have the IP addresses NAT'ed. I can get to the secondary appliance via the NAT'ed IP address, but the primary server says it does not see it. Below is the error message I am getting:
Inbound database replication from ACS 'Primary' denied - shared secret mismatch
I did read through the earlier conversation, but it does not solve the issues I am having with the replication.
Please help.
03-08-2007 08:10 AM
Hi,
Usually "shared secret" mismatch means the primary's self key and the primary's key on secondary server do not match.
I would like to point out that replication is not supported with NAT.
Regards,
Vivek
03-08-2007 08:53 AM
It's worked before. The keys do match.
Below is the link that the TAC engineer sent to me:
03-09-2007 05:14 AM
Hi,
No link in the above post.
But if you are using ACS 4, then please check the keys of the NDG and try moving the AAA Server entry to a different NDG.
Regards,
Vivek
03-09-2007 10:41 AM
Vivek,
Thanks for your response.
Oops. Sorry about that. Below is the link I was given:
I am currently running CiscoSecure ACS v3.3 on the Appliance.
Also, here is the line from the log of a successful replication. Nothing has changed since then.
Inbound database replication from ACS 'notacs01' completed
03-10-2007 05:51 AM
Hi,
We need to look at Auth.log for events around the replication.
As I said before, you should try re-entering the secret keys again before looking at logs.
Regards,
Vivek