Showing results for 
Search instead for 
Did you mean: 

Can I authenticate to multiple ASA5510's at the same time?



In my company we have several networks that are segregated from the overall corporate LAN  (2 in the US, 2 outside of the US).  These are physically seperate networks on seperate subnets, but all of the computers on the 4 networks are on the same global domain.  The networks use the corporate lan to pass data between them.

Each network has a single physical line in and out and each network has a firewall at the "front door".  This firewall is there to prompt for authentication from users trying to come in over our corporate VPN connection.  They have to provide domain credentials for our global domain.  Inside each of our networks there is also an authentication server that authenticates their domain credentials they provide.

Currently if a user want to access site A from VPN, they have to authenticate to site A's firewall.  If they then want to access site B they have to again authenticate to site B and so on.

My question is, is it possible to set it up so that a user can authenticate on thefirewall at site A and then be automatically allowed access to the other sites as well?  Somehow the firewall would need to communicate to the other firewalls that this IP address is OK?  Or does the authentication server need to be set up to contact all the firewalls?

Just wondering if this is possible or if the users just need to authenticate to each site.

1 Reply 1

Ravi Singh
Rising star
Rising star

I don't think there is any way to replicate the policies form one firewall to other until unless you do not configure HA. So at the end you have to authenticate the use again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers