Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

RA-VPN LDAP Authentication - Two different Microsoft Domains

Hello,

Is it possible to have two different AD for two different Windows Domains for the same IPSec connection profile? I have tested having both ADs in one AAA server group, but if the user is not found in the first server, it stops searching. Is there another way to accomplish this?

Thank you

4 REPLIES
Gold

Re: RA-VPN LDAP Authentication - Two different Microsoft Domains

assign them to different tunnel-groups?

Re: RA-VPN LDAP Authentication - Two different Microsoft Domains

I missed this part in my question :) We are in the middle of a Windows Domain migration and I would like, if possible, not to touch Cisco VPN client configuration already in use, so the ideal solution would be maintaining the same tunnel-group and do the changes needed just in the ASA configuration. Any idea???

Gold

Re: RA-VPN LDAP Authentication - Two different Microsoft Domains

this sounds like it might be more of a question for AD experts. can you do a mass export/import of users from the old domain to the new domain to minimize your migration time? i mean, really, you just need to recreate each user and group in the new domain, right? or is this a case of merging with another company where you can't follow the same AD structure as before?

Re: RA-VPN LDAP Authentication - Two different Microsoft Domains

I'm afraid migration time will be months because there are several new enviroments involved. Anyway, I just wanted to make this Remote Access as easy as possible, but I guess I will have to duplicate every tunnel group to change the LDAP server asked and change it in the vpn client.

Thanks anyway.

132
Views
0
Helpful
4
Replies
CreatePlease to create content