The steps listed below help in the scenario where the AAA server IP address changes to the loopback address 127.0.0.1.
This is fairly easy to fix on an ACS Windows server. On the ACS appliance it is a little cumbersome, but it can be done.
First, try setting the original IP address by using the "Set ip" command from the console connection of the ACS Solution Engine. Once you have successfully changed the IP address, you can apply the latest patch on the ACS SE (this will fix the problem).
Install the eval version on a Windows 2000/2003 server. Also ensure that Java is installed on that server.
Take a backup from the ACS SE from System Configuration > ACS Backup > Backup Now.
Restore the database backup on the eval ACS.
On the eval ACS, go to Network Configuration and find the AAA Server entry with the 127.0.0.1 address. Edit it and give it some other IP, for example, 18.104.22.168. Submit + Apply.
On the eval ACS, restart the CSAdmin service.
On the eval ACS, go back to Network Configuration, search for the changed IP address and delete that entry. Delete + Apply.
Take a backup from the eval ACS from System Configuration > ACS Backup > Backup Now.
Restore the database backup from the eval ACS into the ACS SE from System Configuration > ACS Restore and choose the database backup. Check the options "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
On the ACS SE, go to Network Configuration and make sure that the 127.0.0.1 entry is not there and that the ACS SE's hostname has the correct IP address. Go to Proxy Distribution Table > (Default). Move the server's hostname entry that has the correct IP for this ACS SE into the "Forward To" column, if it is not there already. Then press "Submit + Restart".
NOTE: the loopback entry (127.0.0.1) will not cause issues in authentication, but it breaks replication in an ACS 4.x setup.
CSCso39795 - Disable and Enable Network Card in S/W ACS results in Loop Back
CSCso36620 - "Toggle nic" command changes AAA server ip address to "127.0.0.1" in GUI