LDAP connection for VPN authentication to 2 AD different child d
I know of 2 different ways to achieve this:
1) create 2 aaa-server groups, one for each domain; then create 2 tunnel-groups, each one pointing to a different aaa-server group.
This means of course that the users will have to select the correct tunnel-group (either from a drop-down list, or by going to the right group-url). For AnyConnect users, you can optionally deploy a different profile (i.e. with a different group name) to both sets of users.
2) assuming the 2 domains are in the same AD Forest, configure one (or more) DC to be a GCS (Global Catalog Server) for the Forest. Then on the ASA you can use the GCS as LDAP server to do multi-domain lookups.
The downside of this approach is that GCS cannot handle password changes.
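
The two options described above, sketched as ASA configuration. This is an added example, not part of the original reply; the group names, IP addresses (documentation range), DNs, bind account, URLs and the `inside` interface name are placeholders chosen for illustration.

```cisco
! Option 1: one aaa-server group and one tunnel-group per child domain
aaa-server LDAP-CHILD-A protocol ldap
aaa-server LDAP-CHILD-A (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn DC=child-a,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=child-a,DC=example,DC=com
 ldap-login-password <bind-password>
aaa-server LDAP-CHILD-B protocol ldap
aaa-server LDAP-CHILD-B (inside) host 192.0.2.20
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn DC=child-b,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=child-b,DC=example,DC=com
 ldap-login-password <bind-password>
tunnel-group VPN-CHILD-A type remote-access
tunnel-group VPN-CHILD-A general-attributes
 authentication-server-group LDAP-CHILD-A
tunnel-group VPN-CHILD-A webvpn-attributes
 group-alias ChildA enable
 group-url https://vpn.example.com/child-a enable
tunnel-group VPN-CHILD-B type remote-access
tunnel-group VPN-CHILD-B general-attributes
 authentication-server-group LDAP-CHILD-B
tunnel-group VPN-CHILD-B webvpn-attributes
 group-alias ChildB enable
 group-url https://vpn.example.com/child-b enable
webvpn
 tunnel-group-list enable
!
! Option 2: a single aaa-server group pointing at a Global Catalog (LDAPS on 3269)
! sAMAccountName is only unique per domain, so the forest-wide lookup uses userPrincipalName
aaa-server LDAP-GC protocol ldap
aaa-server LDAP-GC (inside) host 192.0.2.30
 server-port 3269
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
tunnel-group VPN-ALL type remote-access
tunnel-group VPN-ALL general-attributes
 authentication-server-group LDAP-GC
```

The bind account only needs read access to the directory, and LDAP over SSL keeps the bind password and user credentials off the wire in clear text.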