Installed ACS 3.0 on a Win2K server domain controller running in mixed mode. Any issues with changing over to native mode and also authenticating users from other domains that are also moving to native mode? As you can tell, not much Microsoft experience with Active Directories here. I have read the Field Notice relating to bug CSCdy18833 regarding authentication failure from member servers and ensuring AD permissions are in place, but anything else I need to be aware of?
Concerning this Field Notice, I experienced a similar problem when I tried to authenticate users from another domain.
We managed to find the problem. First, the server tries to find the PDC of the other domain (DNS request: _ldap._tcp.pdc._msdcs.domain). The DNS server answers with the full name and IP address. But afterwards, instead of using the DNS answer, the server makes a new request with the PDC name, appending its own domain. The DNS request fails, and the user is not authenticated. A workaround consists of changing the DNS search-list for the server, but I'm interested if anyone had a better solution, or if Cisco and/or Microsoft could fix that.
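The lookup sequence described in the reply above, modelled offline as an added example (not code from the thread, Cisco or Microsoft). The domain names `acs.example` and `other.example`, the host `pdc01`, the address and the simplified suffix handling are all assumptions made for illustration.

```python
# Constructed DNS data standing in for the other domain's zone (made-up values).
SRV = {"_ldap._tcp.pdc._msdcs.other.example": "pdc01.other.example"}
A = {"pdc01.other.example": "192.0.2.10"}


def resolve_a(name, search_list):
    """Simplified stub resolver: a dotted name is queried as-is, a
    single-label name is tried with each search-list suffix in order.
    Returns (address or None, list of names actually queried)."""
    name = name.rstrip(".").lower()
    candidates = [name] if "." in name else [f"{name}.{s}" for s in search_list]
    tried = []
    for candidate in candidates:
        tried.append(candidate)
        if candidate in A:
            return A[candidate], tried
    return None, tried


def locate_pdc(domain, search_list, use_srv_target=True):
    """Find the PDC of `domain` via its SRV record, then resolve its address.
    use_srv_target=False models the behaviour reported in the thread: the
    full name from the SRV answer is dropped and only the host label is
    looked up again, so the local suffix gets appended."""
    target = SRV.get(f"_ldap._tcp.pdc._msdcs.{domain}")
    if target is None:
        return None, []
    if use_srv_target:
        return resolve_a(target, search_list)
    return resolve_a(target.split(".")[0], search_list)


if __name__ == "__main__":
    cases = [
        ("reported behaviour, own suffix only", ["acs.example"], False),
        ("reported behaviour, search list extended",
         ["acs.example", "other.example"], False),
        ("SRV target used directly", ["acs.example"], True),
    ]
    for label, suffixes, use_target in cases:
        addr, tried = locate_pdc("other.example", suffixes, use_target)
        print(f"{label}: queried {tried} -> {addr or 'NXDOMAIN'}")
```

The `queried` list is what to compare against a packet capture or DNS server log when checking whether a given server shows this pattern.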