Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2279
Views
10
Helpful
4
Replies

ASA configuration via ASDM Internal Group Policy Banner inheritance

Go to solution
Philippe4
Level 1
Level 1

‎01-20-2019 09:42 AM - edited ‎03-12-2019 07:14 AM

Hi all,

I am currently preparing the CCNA Security 210-260 [not a piece of cake :(  ]

I don't find any clear information regarding the inheritance source.

 

ie : From a created Group Policy,  the Banner option can be written (if Inherit is unticked), but if ticked, from where it could be inherited?

I didn't find anything from the Users configuration, neither from Connection Profiles.

Does the DftGrpPolicy override this, if its Banner field is filled?

And does it work in this manner, in general for all fields?

Values in DftGrpPolicy feed the created Group Policies when the Inherit option is ticked?

 

 

Many thanks to you for your help

 

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-20-2019 03:11 PM

Hi

not sure I understand correctly your question.
When it comes to VPN connection profiles, you have 2 choices:
- create their own Group Policy and you can decide to get all configuration inherited from the DftGrpPolicy or/and override some configs specifically for this connection profile attached to this group policy
- use the DftGrpPolicy for all your connection profiles.

Then if I understand correctly your question, if you keep the inherit option ticked, it will take configs from the DftGrpPolicy.
Let's take an example for split tunnel:
- you configure your split tunnel on your DftGrpPolicy
- you create a new connection profile and keep inherit option ticked then the split tunnel is coming from the value of DftGrpPolicy
- if you untick this option then you create you can override this value for this specific connection profile

Hope this is clear.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Go to solution
Philippe4
Level 1
Level 1
In response to Francesco Molino

‎01-21-2019 03:55 AM

Hello Francesco,

Thank you for your reply.

 

Yes, I think it's clear now.

 

We can say that all parameters of created Group Policy with Inherit option are feed by the default group policy (DflGrpPolicy)

It's the reason why default group policy (and default connections profiles) can be modified but not deleted?

They are used in addition of created Group Policies and Connection Profiles?

 

Many Thanks

 

Philippe

 

 

 

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-21-2019 04:46 AM

@Philippe4 wrote:

<snip>

Does the DftGrpPolicy override this, if its Banner field is filled?

And does it work in this manner, in general for all fields?

Values in DftGrpPolicy feed the created Group Policies when the Inherit option is ticked?

<snip>

That's correct.

View solution in original post

4 Replies 4

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-20-2019 03:11 PM

Hi

not sure I understand correctly your question.
When it comes to VPN connection profiles, you have 2 choices:
- create their own Group Policy and you can decide to get all configuration inherited from the DftGrpPolicy or/and override some configs specifically for this connection profile attached to this group policy
- use the DftGrpPolicy for all your connection profiles.

Then if I understand correctly your question, if you keep the inherit option ticked, it will take configs from the DftGrpPolicy.
Let's take an example for split tunnel:
- you configure your split tunnel on your DftGrpPolicy
- you create a new connection profile and keep inherit option ticked then the split tunnel is coming from the value of DftGrpPolicy
- if you untick this option then you create you can override this value for this specific connection profile

Hope this is clear.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Philippe4
Level 1
Level 1
In response to Francesco Molino

‎01-21-2019 03:55 AM

Hello Francesco,

Thank you for your reply.

 

Yes, I think it's clear now.

 

We can say that all parameters of created Group Policy with Inherit option are feed by the default group policy (DflGrpPolicy)

It's the reason why default group policy (and default connections profiles) can be modified but not deleted?

They are used in addition of created Group Policies and Connection Profiles?

 

Many Thanks

 

Philippe

 

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-21-2019 04:46 AM

@Philippe4 wrote:

<snip>

Does the DftGrpPolicy override this, if its Banner field is filled?

And does it work in this manner, in general for all fields?

Values in DftGrpPolicy feed the created Group Policies when the Inherit option is ticked?

<snip>

That's correct.

Go to solution
Philippe4
Level 1
Level 1
In response to Marvin Rhoads

‎01-21-2019 05:36 AM

Hello Marvin,

Thank's lot for your answer.

 

It's nice from you

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card