Forum Discussion

Srecko_M__12636's avatar
Srecko_M__12636
Icon for Nimbostratus rankNimbostratus
Sep 30, 2015

AAA Server SecurID Configuration with Route Domains

Hello,   I have to configure native SecurID authentication on redundant F5s with APM remote access. In the "New Server" definition, I can select "Select from Self IP List". All the Self IPs are i...
BIG-IP Access Policy Manager (APM)
deployment
security
TMOS
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Nov 09, 2016

Hi Srecko,

same issue with one of my clients in TMOS v11.6.1HF1.

The configuration was created and exported on ACE.

Imported it to a new AAA Secure-ID profile on the F5 and assigned it in the iApp.

The /var/log/apm filled up immediately with the following error messages:

err aced[30456]: 01490000:3: Process[/partition_portale/aaa-server-rsa-secure-id]: AceInitializeEx failed, Cannot communicate with the ACE/Server

The test with the command line utility as described in SOL12164 failed as well. Routes exist to the ACE server (tested with the rdexec tool from bash) and the ACE server hostname can be resolved via DNS on the F5. We tested both a self IP and floating self IP in the AAA profile to be used as agent IP address.

Alternatively we tried to access the ACE via the BIG-IP management interface by creating and importing a new configuration file (AAA profile modified accordingly regarding the agent IP address).

No outgoing traffic visible both on the management interface (eth0) and on the wildcard (0.0) in tcpdump.

Perhaps you were able to solve the problem?

Thanks in advance for sharing the solution.

Cheers, Stephan