Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1942
Views
0
Helpful
2
Replies

ASA DAP functionality in ISE

gjw_csco
Cisco Employee
Cisco Employee

‎06-05-2018 06:48 AM

Do we have a way to support a customer that is currently using DAP on ASA with ISE?

The customer is using DAP to assign "Basic VPN Connectivity" ACL based on LDAP group, then provide additional access with a network ACL above and beyond if they are part of a different LDAP group. They would like to centralize everything with ISE.

0 Helpful
2 Replies 2

Timothy Abbott
Cisco Employee
Cisco Employee

‎06-05-2018 07:00 AM

Hi Gregory,

Have you seen the response to a similar question?  This might be what the customer is looking for:

https://supportforums.cisco.com/t5/vpn/asa-5525x-anyconnect-configuration-with-ise-2-1/td-p/2997585

Regards,

-Tim

0 Helpful

Craig Hyps
Level 10
Level 10
In response to Timothy Abbott

‎06-06-2018 07:17 AM

Yes, ISE can return an attribute like Class 25 which contains the Group Policy name.  There is a section in DAP that allows mapping of RADIUS attributes to DAP policy.

0 Helpful
Customers Also Viewed These Support Documents