Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1045
Views
0
Helpful
2
Replies

cisco ASA 5508 connecting PC to windows AD remotely

paul amaral
Level 4
Level 4

‎07-21-2020 01:14 PM - edited ‎07-22-2020 08:26 AM

Hi, I have a Cisco 5508 ASA that one of my users needs to have access to Windows AD in order to test and put PCs on the windows domain remotely before being shipped out to location.

I’m not very familiar with Windows AD. This user connects via remote vpn client and gets an ip address of 192.168.2.92, the AD servers are on the same subnet at 192.168.2.131/132.

I don’t want the user to use LDAP with AD for authentication, I just want the VPN user to install windows on a machine and set it up and make it part of a AD, prior to going out to location. Note that the VPN user looks like it can query/ping 192.168.2.131/132 which are the AD servers. 

 

I guess im looking for advise on how to configure a remote VPN user to be able to put/test PCs on windows AD remotely without being at the location, assuming this is possible, forgive me as don't know much about AD.

Right now the VPN user connects gets and ip from the pool and is on the same subnet as the AD servers however I been told that this user can connect to AD. Note that i dont have any ACLs allowing the VPN user to connect to any ip inside the 192.168.2.x vlan because the VPN user is on the same subnet. Could this be the issue? do i need to specify and ACL out the to VLAN and allow that VPN ip access to the AD ips? I can do DNS lookups and ping from the remote VPN ip to the AD ips, so Im not sure this is the problem. 

 

Paul

 

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-22-2020 11:01 PM

As long as they can reach the Active Directory Domain Controller(s) via their VPN connection, they should be able to join the newly built computers to the domain the same as if they were in the main office.

Is this not working now? If so, what error message are they seeing?

0 Helpful

paul amaral
Level 4
Level 4
In response to Marvin Rhoads

‎07-23-2020 06:55 AM

Marvin, thanks. I think the issue was that I was passing down public DNS server to the remote VPN users and ofcourse those know nothing about the AD. I will know more today but I think this is my issue.

 

Thanks again for you response. 

 

Paul

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card