Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
0
Helpful
1
Replies

Replicating ACS Database From Primary to Secondary Over NAT

kentngo
Level 1
Level 1

‎02-27-2006 07:23 PM - edited ‎02-21-2020 10:14 AM

Does any knows that it is possible to replicate the ACS database when the primary and the secondary ACS servers are residing in two different DMZs. All traffic leaving the DMZ must be natted. I am receiving an error of "key mismatch" on the secondary server denying the authentication from the primary server when I know that the shared secret key is the same on both servers. Would this "key mismatch" be related to the nature of NAT? Please advise....

Labels:
0 Helpful
1 Reply 1

Jeffrey Bollinger
Cisco Employee
Cisco Employee

‎02-28-2006 06:45 AM

Yes, you cannot do replication between two ACS servers that are using NATted IP addresses. The secret key plus the AAA server IP address is the authentcation function, so if the AAA server IP is different, the authentication will fail. Using NAT for replication is not yet supported and will not work.

0 Helpful
Customers Also Viewed These Support Documents