
IDFW ASA identity database: by-design behaviour?

Hello,

I've completed user identity setup with Cisco ASA, CDA and MS LDAP auth. It works: the ASA VPN user database is correctly redistributed from CDA to all the other ASAs. However, I had to shut down CDA and I noticed that I still have active users in the ASAs' user database. Is this by-design behaviour? I was expecting that if CDA is down, the ASAs would lose the mapping information and eventually set all users as inactive. Of course, since CDA is down, new user VPN logons are not redistributed to all the other ASAs, but the old ones are still active.

 

Thank you

Accepted Solutions

Collin Clark
VIP Alumni

The ASA will store the user database locally and update it as needed (from CDA). The ASA does not query CDA each time a connection is established. It's working as designed.

Hope it helps.
