Monday, April 1, 2019

Cisco ASA 5500 LDAPS issue

I am new to Cisco; we used to have a SonicWall. The problem is the AnyConnect VPN: users cannot change their AD passwords through the VPN software. We have 50-plus users who never connect directly to the office, and this is the only way for them to change their network passwords short of calling us to do so. Our old firewall did this; all you had to do was install the CA certificate from the AD server in the firewall and enable TLS. I used to do all of the firewall support, but we have now outsourced the firewall support and they can't get this to work. They have the certificate installed on the ASA and have enabled LDAP over SSL, and it doesn't work. My AD server has this in the logs: "The token supplied to the function is invalid". To me that seems to mean the certificate is either not installed correctly or the Cisco is not using it. Any ideas on what we could be missing? My Google searches have yielded no helpful results other than what we already have tried, and some others require a Cisco login with rights to access those articles.
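The Schannel message quoted above only says that a TLS handshake on the domain controller broke; it does not say whether the client rejected the chain, never got past the handshake, or connected to a name the certificate does not carry. The following probe, added here as an illustration and not code from the original post or from Cisco, performs the same validation a TLS client such as the VPN gateway would, trusting only the CA file you hand it, and reports which layer failed. The hostname `dc1.corp.example`, the file `corp-root-ca.pem`, and the function names are assumptions for the example; the `evaluate_dc_cert` checks can also be run offline on a certificate dict exported from elsewhere.

```python
# Added example: probe a domain controller's LDAPS endpoint the way a TLS
# client such as a VPN gateway would, and classify what blocks the handshake.
# Assumed names (not from the original post): dc1.corp.example, corp-root-ca.pem.
import socket
import ssl
import sys
import time
from typing import Dict, List, Optional, Tuple

LDAPS_PORT = 636


def san_dns_names(cert: Dict) -> List[str]:
    """DNS entries of subjectAltName, in the dict shape ssl.getpeercert() returns."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def evaluate_dc_cert(cert: Dict, expected_name: str,
                     now: Optional[float] = None) -> Tuple[bool, List[str]]:
    """Offline checks on an already-retrieved certificate dict.

    The certificate must carry the name the gateway is configured to connect
    to and must be inside its validity period. Returns (ok, problems).
    """
    problems: List[str] = []
    names = [n.lower() for n in san_dns_names(cert)]
    if expected_name.lower() not in names:
        problems.append(f"subjectAltName {names} does not include {expected_name}")
    now = time.time() if now is None else now
    # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" strings
    # that getpeercert() returns.
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("certificate not yet valid")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        problems.append("certificate expired")
    return (not problems, problems)


def classify_probe_failure(exc: Exception) -> str:
    """Map an exception raised by probe_ldaps() to the layer that failed."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "chain"       # DC cert does not chain to the CA file we trusted
    if isinstance(exc, ssl.SSLError):
        return "handshake"   # protocol/cipher mismatch or non-TLS bytes on 636
    if isinstance(exc, (socket.timeout, OSError)):
        return "network"     # port closed, filtered, or host unreachable
    return "unknown"


def probe_ldaps(host: str, cafile: str, port: int = LDAPS_PORT,
                timeout: float = 5.0) -> Tuple[str, Dict]:
    """Complete a TLS handshake to host:port trusting only the CA in cafile.

    Chain validation stays on (CERT_REQUIRED); the name check is deliberately
    left to evaluate_dc_cert() so a bad chain and a wrong name are reported
    as different problems. Returns (tls_version, peer_cert_dict) or raises.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()


if __name__ == "__main__":
    # usage: python ldaps_probe.py dc1.corp.example corp-root-ca.pem
    dc_name, ca_path = sys.argv[1], sys.argv[2]
    try:
        version, peer = probe_ldaps(dc_name, ca_path)
    except Exception as exc:
        print(f"{classify_probe_failure(exc)} failure: {exc}")
        sys.exit(1)
    ok, problems = evaluate_dc_cert(peer, dc_name)
    print(f"{version} handshake OK; issuer={peer.get('issuer')}")
    print("certificate OK" if ok else "problems: " + "; ".join(problems))
    sys.exit(0 if ok else 2)
```

Run it from a host that can reach the domain controller on TCP 636 with the same CA file that was loaded into the gateway. A `chain` result means the CA file does not sign the certificate the DC actually presents (for example, the DC picked a different certificate from its store than the one exported); a `handshake` result means the two sides never agreed on TLS parameters, which the CA file cannot fix; a name problem from `evaluate_dc_cert` means the gateway should reference the DC by a name that appears in the certificate.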