08-27-2019 07:31 AM - edited 02-21-2020 09:44 PM
Hello guys,
I have a route-based IKEv2 site-to-site VPN tunnel between two ASAs, and I am trying to get AAA LDAP for AnyConnect working.
The topology is like this:
ASA1 <----------IPsec VTI tunnel (working)--------> ASA2 (AnyConnect configured for remote authentication against AD using LDAP)
The main problem is that I can't add the virtual interface as the source interface ("aaa-server LdapServers (Tunnel100???) host x.x.x.x"); only the physical interfaces are accepted ("aaa-server LdapServers (OUTSIDE) host x.x.x.x"). I added the physical interface that the tunnel is sourced from, but no good, I still get an "unreachable server" error. Can you please help?
The configuration is correct, other traffic works, and the tunnel is up.
08-28-2019 01:40 AM - edited 08-28-2019 01:41 AM
Hi,
I have the same problem and I couldn't find any solution to it.
There is a similar case, but with Firepower appliances, described here:
https://community.cisco.com/t5/firepower/ftd-source-interface-for-ldap-queries/td-p/3711561
Should this be considered a limitation or a feature? The fact that you cannot source LDAP queries via the VTI interface, but only through a physical one, limits your choices.
05-05-2020 02:14 PM
I ran into this, and if you just use an inside interface instead of the outside interface, it will route correctly over the VTI.
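The following ASA configuration fragment is an added example written for this thread, not something posted by any of the participants or taken from Cisco documentation. It puts the reply above into concrete form: the aaa-server entry names the inside interface rather than OUTSIDE or the VTI, and a static route sends the LDAP server through the tunnel interface. Every name and address in it is assumed (interface names INSIDE/OUTSIDE, Tunnel100 with nameif VTI-ASA1, the 169.254.100.0/30 tunnel addressing, the peer 203.0.113.1, the AD server 10.10.20.5, the bind DN and base DN); substitute your own.

```cisco
! Added example (assumed names and addresses), ASA2 side.
! Route-based tunnel to ASA1; the VTI is sourced from the physical OUTSIDE interface.
interface Tunnel100
 nameif VTI-ASA1
 ip address 169.254.100.2 255.255.255.252
 tunnel source interface OUTSIDE
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! Host route for the AD/LDAP server (assumed 10.10.20.5 behind ASA1) via the VTI.
route VTI-ASA1 10.10.20.5 255.255.255.255 169.254.100.1 1
!
! Per the reply above: source the LDAP queries from an inside interface, not OUTSIDE,
! so the query to 10.10.20.5 is forwarded according to the route above (over the VTI)
! instead of leaving the physical OUTSIDE interface in the clear.
aaa-server LdapServers protocol ldap
aaa-server LdapServers (INSIDE) host 10.10.20.5
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa-ldap,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
!
! Checks: confirm the VTI route is the one chosen for the server, then drive a test bind.
show route 10.10.20.5
test aaa-server authentication LdapServers host 10.10.20.5 username jdoe password <user-password>
```

Two caveats worth checking before blaming the ASA: the query now carries the INSIDE interface address as its source, so ASA1 (and the AD server's own routing) needs a return route for ASA2's inside subnet pointing back over the VTI, and any access rules on ASA1 must permit TCP/389 (or TCP/636 if you later enable ldap-over-ssl) from that address to the domain controller. Plain LDAP across the tunnel is encrypted by IPsec in transit, but the bind credentials are still visible on the LAN segments at either end, so prefer LDAPS once basic reachability works.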