
Cisco firepower - remote access VPN for child domains

carl_townshend
Spotlight

Hi All

I have recently deployed a Firepower appliance using cdFMC; we have moved away from our old ASA.

Part of this was to allow remote access VPN. I set up a realm for a domain; our domain has child domains, and as such on the ASA we used to use LDAPS on global catalogue port 3269.

In the Firepower, I believe the setting does not allow us to use this port and only allows normal LDAP on port 636.

In this case, will my child domains not work? Will I need to add multiple realms?

Cheers

2 Replies

Sheraz.Salim
VIP Alumni

Firepower does not track parent/child relationships between domains, which means that users in child domains may not be recognized by policies configured for the parent domain (Here). To address this limitation, you will likely need to create multiple realms for each child domain in addition to the parent domain. This approach allows you to explicitly define each domain structure and ensure proper authentication for remote access VPN users across your entire domain hierarchy (Here).

Please do not forget to rate.

Hi Sheraz, I have added the top domain and used global catalogue port 3269 (though apparently not supported); it appears to work just fine.
