Pix VPN Auth to second Win2003 AD Server

I have a Pix set to use IPSEC and domain authentication. We have 2 AD servers at the office. If 1 specific server is offline I cannot log into the VPN. The office servers are both AD servers. I cannot understand why the second AD server would not authenticate my VPN request.

Would you start troubleshooting with Win2003 AD or the Pix? Thanks in advance for any recommendations. Tim

Tim

If I remember, when you configure LDAP authentication you define a single server. Perhaps you need to create another instance of the authentication for the 2nd DC?

Artie Lange

I've never set up LDAP auth but this is a summary of what I have for AD auth:

    aaa-server AD (inside) host 10.0.0.13
     nt-auth-domain-controller dc1
    aaa-server AD (inside) host 10.0.0.10
     nt-auth-domain-controller dc2
    tunnel-group example type remote-access
    tunnel-group example general-attributes
     authentication-server-group AD LOCAL

Since I've never tried authenticating while one of the DCs is offline, you'll have to test that part for yourself. If all else fails, open a ticket with the Cisco TAC.

-Gary

Gary
