cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2173
Views
0
Helpful
2
Replies

LDAP fails over vti tunnel ipsec

curdubanbogdan
Level 1
Level 1

Hello guys,

 

I have a site to site vpn tunnel route-based ikev2 between 2 asa's and I am trying to obtain aaa ldap for anyconnect. 

The topology is like this:

ASA1 <----------IPSEC-vti tunnel (working)--------> ASA2 (anyconnect config remote authentication with AD using ldap)

The main problem is that i can't add at source interface the virtual int "aaa-server LdapServers (Tunnel100???) host x.x.x.x", only the physical interfaces "aaa-server LdapServers (OUTSIDE) host x.x.x.x" . I added the physical interface where the tunnel has it's source, but no good, still error unreachable server. Can you please help?


The configuration is correct, other traffic works, tunnel is up.

2 Replies 2

nick.alexandru
Level 1
Level 1