Multiple Domains with AnyConnect client

bberry
Level 1

Does anyone know if the ASA will support multiple domains with the AnyConnect client. We have been running our ASA for quite a while with a single domain but have acquired another company and appear to be having issues with remote users getting between the domains. I created a profile for users on the new domain when everything was single but now they are working to combine things and have users trying to access cross domain resources. The only domain spot I have seen so far is a default domain but it only allows a single domain.

Brent

3 Replies

Marvin Rhoads
Hall of Fame

The ASA will only support a single domain (AAA server group, technically) for a given connection profile.

You could create multiple profiles and have the end users select the one for their domain.

You could also use ISE, which supports multiple domains just fine.

To add to what Marvin said, you can also configure Split DNS for a particular tunnel group/connection profile. This means that you can add multiple domains apart from your default domain to the Split DNS list so that the client can use those while querying for a name. There can only be one default domain, but there can be multiple Split DNS domains. These domains are added under the DNS search suffixes once connected to the VPN. If domain name resolution is what you are looking for, Split DNS should work for you. More info below:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116016-technote-AnyConnect-00.html
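As an added illustration of the Split DNS setup described above (example configuration, not taken from the thread or from the Cisco technote), this ASA group policy keeps a single default domain while adding a second domain to the Split DNS list; the domain names, subnets, DNS server addresses and object names are placeholders:

```cisco
! Example only: placeholder names and addresses, not values from the thread.
! Subnets that should be reached through the tunnel (one per acquired domain).
access-list SPLIT_TUNNEL_ACL standard permit 10.10.0.0 255.255.0.0
access-list SPLIT_TUNNEL_ACL standard permit 10.20.0.0 255.255.0.0

group-policy GP_CORP internal
group-policy GP_CORP attributes
 vpn-tunnel-protocol ssl-client
 ! Internal DNS servers for both domains, reachable only through the tunnel
 dns-server value 10.10.1.10 10.20.1.10
 ! The ASA allows exactly one default domain per group policy
 default-domain value corp-a.example
 ! Every suffix the client should resolve through the tunnel, including the
 ! default one; these show up as DNS suffix search entries on the client
 split-dns value corp-a.example corp-b.example
 ! Split DNS requires a split-tunnel policy; with tunnelall the client
 ! already sends all DNS queries through the tunnel, so the list is moot
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

tunnel-group CORP_VPN type remote-access
tunnel-group CORP_VPN general-attributes
 ! Bind the policy to the connection profile users select in AnyConnect;
 ! authentication (the LDAP/AAA server group) is configured separately here
 default-group-policy GP_CORP
```

After the client reconnects, `show running-config group-policy GP_CORP` on the ASA and `ipconfig /all` on a Windows client should both list corp-a.example and corp-b.example, and short names like "server name" will be tried with each suffix through the tunnel. Note that this only addresses name resolution; which directory authenticates the user is still tied to the single AAA server group of the connection profile, as Marvin described.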

You are referring to authentication, correct? I can see a single domain for that, but I am referring to multiple domains for DNS lookups. Sorry, I may not have been clear on that. The users normally just connect to "server name" but are now saying they are having issues getting to "server name" when remotely connected and not on their default domain. I never really noticed what they get when connected, as I did not set up what we have today. I am going to have to research more, as I have all the domains listed when I do an ipconfig /all from my laptop. Maybe there is something profile-specific that is not happening? I just did not know if there was something that needed to be checked in the DHCP pool or something. When I create the profiles I just use a single LDAP and specify a default domain. I do not think I have ever changed anything regarding DNS.

Brent