Cisco Support Community

ASA Active Directory Remote Access VPN Auth - When AD server is over a L2L


Currently I have an ASA5510 which is doing LDAP authentication for remote access VPN users.

The authenticating server is locally on a port on the ASA.

I would like to have a backup, but the server is currently at a remote office, but that office has a site to site tunnel built to the ASA.

Will the ASA be able to use that remote AD server?

I am unsure if the ASA itself can talk directly to a host over a VPN tunnel, or if it has to be host to host.

Something like:

aaa-server LDAP (outside) host x.x.x.x

But x.x.x.x would not be an actual public, just a host over a VPN tunnel.

Would it depend on what interface the ASA sources the request from? Can that be altered?



Re: ASA Active Directory Remote Access VPN Auth - When AD serve

To set up the remote access VPN connection between a Cisco VPN Client and the PIX 500 Series Security Appliance.

The remote VPN Client user authenticates against the Active Directory using a Microsoft Windows 2003 Internet Authentication Service (IAS) RADIUS server.

Re: ASA Active Directory Remote Access VPN Auth - When AD serve

Thanks, I already have it set up for authentication to the AD server, but what I am wondering is if the AD server can be remote, over another VPN tunnel.

In this example, and any other common setup, the AD server is local to the PIX, on one of the interfaces, but what I need to do is have the PIX / ASA auth to an AD server that is available over another, already up, site-to-site VPN tunnel.
