ACS 5 can be joined only to a single domain as of now. when acs is joined to a domain ACS can authenticate any user that belongs to that domain from Any Domain controller in that domain. It relies on DNS resolution to find the appropriate Domain cont...
As far as your configuration is concerned it looks perfectly fine. As you mentioned that the difference between the working and non working debugs is that in the non working debugs we do not see memberof attribute being retrieved. the main reason cou...
In order to map 2 different AD groups to 2 different local Identity groups we will need to do the following. Assuming that the ACS is already Joined to a domain for example csco.com1. we need to populate the concerned 2 AD groups in Users and Identit...
As far as routing is concerned it would be great idea to create a static route on c2800 and redistribute static using OSPF. in that way all your return traffic for your VPN pool will be eventually redirected to the ASA interface gig0/1there is no nee...
