The below listed steps will help us in such scenario where AAA server ip address changes to loopback 127.0.0.1
It's little easy to fix it with ACS windows server. However, in case of ACS appliance it little cumbersome but can be done.
At very first place we need to try and setting the original ip address by using "Set ip" Command from the console connection of the ACS Solution engine. Once you successfully changed the ip address, you can apply the latest patch on the ACS SE (This will fix the problem).
Install eval version on Windows 2000/2003 server. Please also ensure that JAVA is installed on that server.
Take a backup from ACS SE from, System Configuration > ACS Backup >Backup Now.
Restore the database backup on ACS eval.
On eval ACS , go to Network Configuration > find the AAA Server entry with 127.0.0.1 entry. Edit it and give it some other IP for, example, 188.8.131.52. Submit + Apply.
On eval, Restart CSAdmin service.
On eval, go back to Network Configuration and search for the changed IP address and delete that entry, Delete + Apply.
Take a backup from eval ACS, System Configuration > ACS Backup > Backup Now.
Restore the database backup from eval ACS into ACS SE from option, System Configuration > ACS Restore, choose the database backup. Check Check option "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
On ACS SE, go to Network Configuration, make sure that 127.0.0.1 entry is not there and for ACS SE's hostname we have the correct IP address. Go to Proxy Distribution Table > (Default). Move the server's hostname entry that has correct IP for this ACS SE into "Forward To" column, if not already. Then press "Submit + Restart".
NOTE that the loopback entry (127.0.0.1) will not cause issues in authentication, but break the replication in ACS 4.x setup.
CSCso39795 - Disable and Enable Network Card in S/W ACS results in Loop Back
CSCso36620 - "Toggle nic" command changes AAA server ip address to "127.0.0.1" in GUI
Hi, i am using this FlexVPN "Hub to Spoke" configuration for my home lab hub router its using Keyring pre-shared key, and AAA is done locally. This work fine when the client is a router. However I want to modify this so that remote clients ...
Hi Experts,We're running ISE 2.6 with Patch 8 installed. AnyConnect is 4.8 and the Compliance Module is 4.3.X. I've been asked to configure a New AV Posture policy Definition check for Windows Defender. Name: AV_Def_5daysCompliance Module: 4.X ...
Hi We have about 1000 sites connected to a hub siteThe setup is DMVPN. And we are using Get VPN upon thisWe are using Cisco 898 with 2 links [local loop and 3G] for each branch We have a problem that suddenly most of our branches are facing a ne...
Hi AllIs it possible with Cisco AnyConnect secure mobility client to allow for multiple concurrent connections in macOS? Actually, I need to connect to multiple VPN hosts at the same time as I need to connect to servers hosted in a different location...