I have an issue with Active Directory authentication over a LAN to LAN VPN on a 2960. It was working fine with a 2860.

Local network: 192.168.101.0/24
Remote network: 10.1.0.0/16
Domain controller is 10.1.0.5

Local Windows devices can't properly authenticate to the domain controller since switching from a 2860 to a 2960.

We can ping the DC and browse the remote server shares from the local LAN, but can't authenticate AD accounts, it is saying the domain cannot be reached. DNS is set correctly on the local devices.

Any ideas please?

Update - I have scanned LDAP ports from LAN to remote server, and port 389 is not responding over the 2960 VPN (okay on 2860 VPN). Why would this be? I've added a firewall rule but has no affect.

Any ideas, or am I missing something?

The 2960 seems to have lots of intrinsic support for LDAP...maybe it is intercepting it, and expecting something to be specifically configured?

hornbyp wrote:
The 2960 seems to have lots of intrinsic support for LDAP...maybe it is intercepting it, and expecting something to be specifically configured?

It does seem so but I can't see anything specific that would be blocking it.