ASA Active Directory Remote Access VPN Auth - When AD server is over an L2L

Unanswered Question
Jul 10th, 2009


Currently I have an ASA5510 which is doing LDAP authentication for remote access VPN users.

The authenticating server is locally on a port on the ASA.

I would like to have a backup, but the server is currently at a remote office, although that office has a site-to-site tunnel built to the ASA.

Will the ASA be able to use that remote AD server?

I am unsure if the ASA itself can talk directly to a host over a VPN tunnel, or if it has to be host-to-host.

Something like:

aaa-server LDAP (outside) host x.x.x.x

But x.x.x.x would not be an actual public address, just a host over a VPN tunnel.

Would it depend on what interface the ASA sources the request from? Can that be altered?


Jasonch518_2 Thu, 07/16/2009 - 14:06

Thanks, I already have it set up for authentication to the AD server, but what I am wondering is whether the AD server can be remote, over another VPN tunnel.

In this example, and in any other common setup, the AD server is local to the PIX, on one of the interfaces, but what I need to do is have the PIX / ASA authenticate to an AD server that is available over another, already-up, site-to-site VPN tunnel.

