Database replication errors - between two appliance 113

wordworship
Level 1

I have two Secure ACS appliances - a primary and a secondary. The secondary is behind the firewall and so we have the IP addresses NAT'ed. I can get to the secondary appliance via the NAT'ed IP address, but the primary server says he does not see it. Below is the error message I am getting:

Inbound database replication from ACS 'Primary' denied - shared secret mismatch

I did read through the earlier conversation, but it does not solve the issues I am having with the replication.

Please help.

5 Replies

Vivek Santuka
Cisco Employee

Hi,

Usually "shared secret" mismatch means the primary's self key and the primary's key on secondary server do not match.

I would like to point out that replication is not supported with NAT.

Regards,

Vivek

It's worked before. The keys do match.

Below is the link that the TAC engineer sent to me:

Hi,

No link in the above post.

But if you are using ACS 4, then please check the keys of the NDG and try moving the AAA Server entry to a different NDG.

Regards,

Vivek

Vivek,

Thanks for your response.

Oops. Sorry about that. Below is the link I was given:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml#configure_db_nat

I am currently running CiscoSecure ACS v3.3 on the Appliance.

Also, here is the line from the log of a successful replication. Nothing has changed since then.

Inbound database replication from ACS 'notacs01' completed

Hi,

We need to look at Auth.log for events around the replication.

As I said before, you should try re-entering the secret keys again before looking at logs.

Regards,

Vivek