08-19-2024 09:48 AM
We have multiple operating companies with one overall holding company. We have an FMC with our AD connected as a realm with no issues. Some of the other operating companies need access to some of our services; there is an internal network connecting the opcos through the firewalls, but the other opcos have their own AD domain. There is a trust relationship, but the FMC only sees the SIDs of the other users, no names, and I cannot use them in groups to allow access. Does anyone know how to get two AD domains connected to one FMC so each AD can be used in access policies?
09-10-2024 02:59 AM
Hmm. This might be difficult to do. You could try, if it is an option, to install ISE and associate ISE with all the domains, then integrate ISE with FMC.
09-10-2024 07:08 AM
As Marius mentioned:
If you want to allow username/AD group based access (on the ACP), you need to integrate with Cisco ISE via pxGrid to get IP-to-username matches. (Your ISE environment needs to be integrated with AD via passive identity.)
You could possibly add multiple domains into ISE and get passive identity working. This is my hunch (not done multiple domain integration), but it should be along those lines.