Good evening all,
I'm having an issue setting up my ASA to authenticate to an LDAP server. The ASA is at a remote site and my LDAP server is here at HQ. I have the tunnels built out and am able to pass traffic (10.48.1.2 --> HQ private subnets 192.168.x.x), but not LDAP calls. I've tried setting the LDAP server using both the outside interface to the public IP and the inside interface to the private IP. Packet tracer is telling me that an implied rule is dropping traffic after the UN-NAT when I go from 10.48.1.1 (V30) to the LDAP server at 192.168.1.100.
My inside interface is fronting 2 sub-interfaces.
Here are the remote ASA interfaces:

Gig0
 nameif outside
 security 0
 ip add 2.2.2.2/28
Gig1
 shutdown
 no nameif
 no security
Gig1.30
 vlan 30
 nameif V30
 security 100
 ip add 10.48.1.1/24
Gig1.31
 vlan 31
 nameif V31
 security 100
 ip add 10.48.2.1/24
I do have the same-security-traffic inter and intra command.
Is this failure due to my sub-interfaces? I'm thinking that if I un-shut Gig1 I'll lose the subs, but I've also considered setting an ifname and security level on Gig1.
The LDAP config at the very least looks like:
aaa-ser LDAP (V30) host 192.168.1.100
There is more to it, but my issue is not with how I talk to LDAP but rather that I cannot reach it at all. I have also tried this:
aaa-ser LDAP (outside) host 2.2.2.1, along with the ACL rule to allow 2.2.2.2 in on 636 (this is LDAPS).
I have other sites that are authenticating fine. Just wanted to clear this up before doing a deep dive on my VPN tunnels or causing accidents lol
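As an added illustration (not part of the original post or the poster's config), here are the two places on the remote ASA to check for a flow sourced from the firewall's own V30 address to the HQ LDAP server, plus the packet-tracer call that exercises exactly that flow on TCP/636; the ACL name HQ-VPN and the object names V30-NET and HQ-NETS are assumed, not taken from the post.

```cisco
! Interesting-traffic ACL for the HQ tunnel (assumed name HQ-VPN).
! The LAN-to-LAN entry covers hosts behind V30; the second entry is the one
! usually missing: the ASA's own V30 interface address, which is the source
! of its LDAP queries, must also be matched by the crypto ACL.
access-list HQ-VPN extended permit ip 10.48.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list HQ-VPN extended permit ip host 10.48.1.1 192.168.0.0 255.255.0.0

! NAT exemption (identity twice-NAT) so traffic toward HQ is not translated
! before it enters the tunnel; object names are assumed.
object network V30-NET
 subnet 10.48.1.0 255.255.255.0
object network HQ-NETS
 subnet 192.168.0.0 255.255.0.0
nat (V30,outside) source static V30-NET V30-NET destination static HQ-NETS HQ-NETS no-proxy-arp route-lookup

! Simulate the LDAPS flow the aaa-server statement generates. With "detailed",
! the output shows which phase (UN-NAT, ACCESS-LIST, VPN encrypt) drops it.
packet-tracer input V30 tcp 10.48.1.1 1025 192.168.1.100 636 detailed
```

If the VPN phase is reached but no encrypt action appears, compare the matched crypto ACL line against the two entries above before touching the tunnel itself.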