multiple domains for vpn

suthomas1
Level 6

Hi,

Is it possible to tie multiple different AD domains (like abc.com, ab.com) to a single SSL VPN box setup?

this is using an ASA 5540 with Version 8.0(4).

Thanks in advance!

3 Replies

hdashnau
Cisco Employee

See the following:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml



*Perform Multi-Domain Searches (Optional)*

*Optional.* The ASA currently does not support the LDAP referral
mechanism for multi-domain searches (Cisco bug ID CSCsj32153).
Multi-domain searches are supported with the AD in Global Catalog Server
mode. In order to perform multi-domain searches, set up the AD server
for Global Catalog Server mode, usually with these key parameters
for the LDAP server entry in the ASA. The key is to use an
ldap-naming-attribute that must be unique across the directory tree.

server-port 3268
ldap-scope subtree
ldap-naming-attribute userPrincipalName

If global catalog server is not an option for you, you can always create two separate SSL tunnel-groups and two separate LDAP aaa-server groups and this would also allow you to do two AD domains (but the drawback is that you would have to inform the user which group they should select)

-heather

P.S. If I have answered your question please mark the post as resolved and rate the responses. This helps us more easily identify which questions remain unanswered and let us know how we are doing. Thanks in advance!
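The two approaches from the answer above, written out as a complete ASA 8.0-style configuration. This is an added example and not part of the original thread or the linked Cisco document; the host addresses, DNs, domain names, group names and the bind password are constructed placeholders. The first block is the Global Catalog approach (port 3268, subtree scope, userPrincipalName as the naming attribute, base DN at the forest root so the search covers every domain in the forest); the second block is the fallback of one aaa-server group and one tunnel-group per domain, with a group alias so the user can pick the right domain on the portal.

```text
! ---- Option 1: single LDAP server group against a Global Catalog ----
! The GC listens on 3268 (3269 over SSL) and carries a partial attribute
! set for every domain in the forest, so one subtree search covers
! abc.com and ab.com. userPrincipalName is unique forest-wide, which is
! why it works as the naming attribute here; sAMAccountName is only
! unique within a single domain.
aaa-server AD-GC protocol ldap
aaa-server AD-GC (inside) host 10.0.0.10       ! placeholder GC address
 server-port 3268
 ldap-base-dn DC=example,DC=com                ! placeholder forest root
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password-placeholder>
 server-type microsoft
! Prefer the encrypted listener so the bind credentials and user
! passwords are not sent in clear text between the ASA and the GC:
!  server-port 3269
!  ldap-over-ssl enable

tunnel-group CORP-VPN type remote-access
tunnel-group CORP-VPN general-attributes
 authentication-server-group AD-GC
 default-group-policy CORP-POLICY
tunnel-group CORP-VPN webvpn-attributes
 group-alias corp enable

! ---- Option 2: one server group and one tunnel-group per domain ----
! Each server group points at a DC of its own domain on the standard
! LDAP port, and users must select the matching alias when they log in.
aaa-server AD-ABC protocol ldap
aaa-server AD-ABC (inside) host 10.0.1.10      ! placeholder abc.com DC
 server-port 389
 ldap-base-dn DC=abc,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=abc,DC=com
 ldap-login-password <bind-password-placeholder>
 server-type microsoft

aaa-server AD-AB protocol ldap
aaa-server AD-AB (inside) host 10.0.2.10       ! placeholder ab.com DC
 server-port 389
 ldap-base-dn DC=ab,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=ab,DC=com
 ldap-login-password <bind-password-placeholder>
 server-type microsoft

tunnel-group ABC-VPN type remote-access
tunnel-group ABC-VPN general-attributes
 authentication-server-group AD-ABC
 default-group-policy ABC-POLICY
tunnel-group ABC-VPN webvpn-attributes
 group-alias abc.com enable

tunnel-group AB-VPN type remote-access
tunnel-group AB-VPN general-attributes
 authentication-server-group AD-AB
 default-group-policy AB-POLICY
tunnel-group AB-VPN webvpn-attributes
 group-alias ab.com enable

! Show the aliases as a drop-down on the SSL VPN login page so users
! can choose their domain (this is the "inform the user which group to
! select" drawback from the answer).
webvpn
 tunnel-group-list enable
```

Use a dedicated, least-privileged bind account for ldap-login-dn in either design; it only needs read access to the user objects it searches. With Option 1, check the GC search with `test aaa-server authentication AD-GC username user@abc.com password ...` from the ASA CLI before putting it in front of users, since a naming attribute that is not unique across the forest will produce intermittent lookup failures rather than an obvious error.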

Yes, you did answer the question very precisely. Thanks a lot for helping out.

Apologies for not rating/marking the answer earlier, as I didn't have web access for a few days!


Thanks a lot!
