
VPN auth over AD - AD Realm - FDM 7.0.5

petrsenik
Level 1

Hello,

I have a Cisco Firepower 1140 and I am trying to set up an AD realm for authentication via Active Directory. I created a connector under Objects -> Identity sources -> AD Realm and filled in the fields. But when I test the connection I get:

 Realm is available for Identity policies.
 Cannot connect to realm for RA VPN. ERROR: Authentication Server not responding
 
Do you have any advice on where I should start looking for the problem?
 
Thank you.
 
22 Replies

"ping system 192.168.152.128".

Well, I got a notification:

> ping system 192.168.152.128
Character system not allowed in CLI Console.> ping system 192.168.152.128

But I used Wireshark and I see communication between the FW and AD (see screenshot).

That is interesting, as the "ping system" command should be supported. If you do "ping ?", what options do you see? Also, could you please try to change the interface in the realm configs from management to the internal one facing the LDAP server for testing?

Ping shows:

admin@fw:~$ ping
Usage: ping [-aAbBdDfhLnOqrRUvV64] [-c count] [-i interval] [-I interface]
[-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]
[-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]
[-w deadline] [-W timeout] [hop1 ...] destination

 

I changed the interface in the realm to "inside" but got the same error.

But this might be my problem (print screen)

 

 

petrsenik
Level 1

Solved, the problem was in a bad interface. Thank you both for your time.

 happy ending 

Glad this issue is resolved

Have a nice day 

MHM

Out of interest, what do you mean by in bad interface?

We have multiple subnets on one interface, so I have to choose a specific one instead of the whole interface.