collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Problem - IP Mapping - ASA CX  (Read 20450 times)

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Problem - IP Mapping - ASA CX
« on: March 07, 2015, 02:32:27 PM »
Hi Friends,

First i want to thank you this site, that teached me how to configure the ASA-CX. I´m having problems to map the users on my AD, sometimes the ASA only map the IP , so i cant use the policies based on username and groups.

I had to use the old Ad agent ( installed on Domain Controller) , because my costumer dont have any hardware and Vm server to run Cisco CDA.

Could you help me? Please tell what more information do you need to help me.

Tks :D :D :D

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #1 on: March 08, 2015, 10:49:37 AM »
First of all, you might want to double check on the compatibility between CX and the AD agent as most Cisco documentation always uses CDA. Second of all, after domain user logs into Windows, check to see if a user-to-IP mapping is created and learnt by the CX by sessioning into the CX and perform command 'show opdata adisessions'. If you don't see a mapping there then CX won't know anything about that user.

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #2 on: March 12, 2015, 05:28:16 PM »
Hi,

If i put the command "show opdata adisessions", there are the follow result:

show opdata adisessions
Vdi Session Directory:
============================
total_sessions: 110
contained_op_data {


 I dont understand, why some workstantions the ASA-CX cant map IP and Username logged. How can i start the troubleshooting?

Tks

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #3 on: March 16, 2015, 10:27:39 PM »
What's the percentage of the user that you are not seeing mappings for? If you ask the user to log out and back in, does it fix the problem?

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #4 on: March 17, 2015, 08:26:43 AM »
About 40% of network, if user log out and back in, dont fix the problem.

Detail, some cases if i re-join the workstation again on DC, the problem was fixed. Have seen this problem ?

Tks

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #5 on: March 18, 2015, 10:36:14 PM »
It sounds like the agent is not always seeing user login activities, or it does but does not communicate to CX. Any chance to install CDA at all, possibly on VMware workstation temporarily? 

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #6 on: March 19, 2015, 05:56:36 PM »
i will test with CDA, and will soon have news.

Tks again.

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #7 on: July 05, 2015, 03:16:41 PM »
Hi Friends,

Now i running CDA. But some errors occurs, and users mapping stop working whe the messages bellow appers (see attached image):

 ADObserver : Error with ConnectServer WMI RPC, will retry to reconnect shortly
ContextManager : Creation time of mapping record is in the future

Do you know any idea to help fix this issue?

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #8 on: July 06, 2015, 12:59:45 PM »
Can you confirm that the CDA was working initially and stopped when the error was encountered?

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #9 on: July 07, 2015, 06:20:48 AM »
Yes, the CDA works for a period, and stop working. It is back work, when I reboot the CDA.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #10 on: July 11, 2015, 05:20:45 PM »
Strange. If it works initially, your setup should be correct. May be try to connect to different domain controller?

Offline crusier

  • Cisco Newbie
  • *
  • Posts: 10
  • Reputation: 0
  • Certification: CCNA
Re: Problem - IP Mapping - ASA CX
« Reply #11 on: August 28, 2015, 07:41:06 AM »
I opened a case on TAC, and them return that the problem is a BUG :

You are not allowed to view links. Register or Login

Next week , i wiil apply the update and return with results.

Tks

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Problem - IP Mapping - ASA CX
« Reply #12 on: August 29, 2015, 05:21:50 PM »
That certainly explains it. Thanks for letting us know about the bug. Will await your update.

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
67203 Views
Last post June 19, 2015, 10:01:35 PM
by MC
5 Replies
36919 Views
Last post June 30, 2015, 03:03:40 PM
by MC
8 Replies
21747 Views
Last post April 25, 2016, 09:41:01 PM
by MC
8 Replies
16414 Views
Last post September 14, 2017, 08:30:47 PM
by MC
1 Replies
50063 Views
Last post October 06, 2019, 06:06:20 PM
by Mikep

SimplePortal 2.3.7 © 2008-2024, SimplePortal