RA-VPN LDAP Authentication - Two different Microsoft Domains

Unanswered Question
Jul 7th, 2009

Is it possible to have two different ADs for two different Windows Domains for the same IPSec connection profile? I have tested having both ADs in one AAA server group, but if the user is not found in the first server, it stops searching. Is there another way to accomplish this?

Thank you

srue Tue, 07/07/2009 - 09:37

Assign them to different tunnel-groups?

esperanza.gonzalez Tue, 07/07/2009 - 23:52

I missed this part in my question :) We are in the middle of a Windows Domain migration and I would like, if possible, not to touch the Cisco VPN client configuration already in use, so the ideal solution would be to maintain the same tunnel-group and make the changes needed just in the ASA configuration. Any ideas?

srue Wed, 07/08/2009 - 09:37

This sounds like it might be more of a question for AD experts. Can you do a mass export/import of users from the old domain to the new domain to minimize your migration time? I mean, really, you just need to recreate each user and group in the new domain, right? Or is this a case of merging with another company where you can't follow the same AD structure as before?

esperanza.gonzalez Thu, 07/09/2009 - 04:08

I'm afraid migration time will be months because there are several new environments involved. Anyway, I just wanted to make this Remote Access as easy as possible, but I guess I will have to duplicate every tunnel group to change the LDAP server asked and change it in the VPN client.

Thanks anyway.
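
The layout the thread settles on, as an added example that is not part of any post above: one LDAP aaa-server group per Windows domain and one tunnel-group per domain, so the existing group keeps serving unmigrated users untouched. All names, addresses and DNs are hypothetical placeholders; the syntax assumes ASA 8.0 to 8.3 (later releases write the key as "ikev1 pre-shared-key").

```cisco
! Constructed sample values: 192.0.2.10 / 198.51.100.10 are documentation addresses.
! A server group only moves to its next host when a server is unreachable,
! not when the user is missing, so each domain gets its own group.
aaa-server LDAP-OLD protocol ldap
aaa-server LDAP-OLD (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=old,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=old,DC=example,DC=com
 ldap-login-password <old-domain-bind-password>
!
aaa-server LDAP-NEW protocol ldap
aaa-server LDAP-NEW (inside) host 198.51.100.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=new,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=new,DC=example,DC=com
 ldap-login-password <new-domain-bind-password>
!
! Existing tunnel-group: name and group key unchanged, so deployed
! VPN client profiles keep working for users still in the old domain.
tunnel-group <existing-group-name> general-attributes
 authentication-server-group LDAP-OLD
!
! Duplicate tunnel-group for migrated users; only their client profile
! changes (new group name and key).
tunnel-group RA-VPN-NEWDOMAIN type remote-access
tunnel-group RA-VPN-NEWDOMAIN general-attributes
 authentication-server-group LDAP-NEW
tunnel-group RA-VPN-NEWDOMAIN ipsec-attributes
 pre-shared-key <new-group-key>
```

The duplicate tunnel-group also needs the same address pool and group policy settings as the original, which are omitted here.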
