
ASA Active Directory Remote Access VPN Auth - When AD server is over a L2L

Jasonch518_2
Level 1

Hello,

Currently I have an ASA5510 which is doing LDAP authentication for remote access VPN users.

The authenticating server is locally on a port on the ASA.

I would like to have a backup, but the server is currently at a remote office, but that office has a site to site tunnel built to the ASA.

Will the ASA be able to use that remote AD server?

I am unsure if the ASA itself can talk directly to a host over a VPN tunnel, or if it has to be host to host.

Something like:

aaa-server LDAP (outside) host x.x.x.x

But x.x.x.x would not be an actual public, just a host over a vpn tunnel.

Would it depend on what interface the ASA sources the request from? Can that be altered?

Thanks.

2 Replies

tstanik
Level 5

To set up the remote access VPN connection between a Cisco VPN Client and the PIX 500 Series Security Appliance.

The remote VPN Client user authenticates against the Active Directory using a Microsoft Windows 2003 Internet Authentication Service (IAS) RADIUS server.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Thanks, I already have it set up for authentication to the AD server, but what I am wondering is if the AD server can be remote, over another VPN tunnel.

In this example, and any other common setup, the AD server is local to the PIX, on one of the interfaces, but what I need to do is have the PIX / ASA auth to an AD server, that is available over another, already up, site to site VPN tunnel.
