04-22-2015 11:30 AM - edited 03-11-2019 10:49 PM
This is an opportunity to learn about the Cisco SSL VPN feature, clientless VPN and the AnyConnect remote access client with Mohammad Alhyari.
Monday, April 27th, 2015 to Friday, May 8th, 2015
Featured Expert
Mohammad Alhyari is a customer support engineer at the Cisco Technical Assistance Center in Krakow, Poland. He holds CCIE Security #35093 and has over 5 years of experience in the security team. Mohammad's area of expertise is security, including VPN, SSL VPN, and IPsec VPN on the Cisco IOS and Cisco ASA platforms.
Find other events at https://supportforums.cisco.com/expert-corner/events.
**Ratings Encourage Participation!**
Please be sure to rate the Answers to Questions
05-08-2015 03:12 AM
Hi Flavio,
Thanks for sharing your problem here. I really apologize that I can't recommend a version for you, as I'm not aware of your network needs and infrastructure. However, if you look at the release notes for 9.4 you can see the list of open/resolved bugs and the new features here:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-120956
For your question about the DAP policies configuration: it is saved in two places:
DAP.xml file: contains the selection attributes (stored in the flash).
Dynamic access policy records in the config, which contain the authorization attributes. You can see them in the config of the ASA.
Here is a procedure you can use to copy the DAP from one ASA to another ASA:
1) Save the production ASA config and dap.xml to a remote ftp/tftp server.
Within ASDM you can select:
Tools > backup config > SSL vpn config > check DAP // this will save the dap.xml file
2) On the new ASA:
Delete the dap.xml if it exists.
Use this command to clear the DAP records:
clear configure dynamic-access-policy-record
3) Copy the original dap.xml file to the new ASA.
4) Copy the running config from the original ASA to the new ASA (especially the dynamic-access-policy-record part).
5) Enable the DAP on the new ASA:
dynamic-access-policy-config activate
6) Close ASDM and open it again.
HTH.
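A consistency check for the migration procedure above, as an added example that is not part of the original post or any Cisco tooling: it compares the record names in a dap.xml backup with the `dynamic-access-policy-record` entries in a saved running-config, so a record that exists in only one of the two places is caught before DAP is activated on the new ASA. The XML element layout, the sample data, and the treatment of `DfltAccessPolicy` as a config-only record are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a dap.xml backup (selection attributes).
# The dapRecordList/dapRecord/dapName/value layout is an assumption.
SAMPLE_DAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<dapRecordList>
  <dapRecord><dapName><value>Contractors</value></dapName></dapRecord>
  <dapRecord><dapName><value>Employees</value></dapName></dapRecord>
</dapRecordList>"""

# Constructed running-config excerpt (authorization attributes).
SAMPLE_CONFIG = """\
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record Employees
 network-acl EMP_ACL
dynamic-access-policy-record Quarantine
 action terminate
"""

# Assumption: the default record lives only in the config, not in dap.xml.
DEFAULT_RECORD = "DfltAccessPolicy"

def xml_record_names(xml_text):
    """Names of the records that carry selection attributes in dap.xml."""
    root = ET.fromstring(xml_text)
    nodes = root.findall("./dapRecord/dapName/value")
    return {n.text.strip() for n in nodes if n.text and n.text.strip()}

def config_record_names(config_text):
    """Names of the records defined in the running-config, minus the default."""
    pat = re.compile(r"^dynamic-access-policy-record[ \t]+(\S+)[ \t]*$", re.M)
    return set(pat.findall(config_text)) - {DEFAULT_RECORD}

def compare(xml_text, config_text):
    """Report records that are missing from one of the two storage places."""
    in_xml = xml_record_names(xml_text)
    in_cfg = config_record_names(config_text)
    return {
        "matched": sorted(in_xml & in_cfg),
        "only_in_dap_xml": sorted(in_xml - in_cfg),  # no authorization part
        "only_in_config": sorted(in_cfg - in_xml),   # no selection part
    }

if __name__ == "__main__":
    for key, names in compare(SAMPLE_DAP_XML, SAMPLE_CONFIG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```
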
11-10-2015 09:41 PM
Hi Mohammad, first of all, I would like to thank you for taking your time to answer the question.
My question is more about design or best practices for AnyConnect VPN deployment. Our company recently bought 3 5545-x with Apex license installed on them. The plan is to install them in 3 different (geography) locations, one on each site.
Business requirement is - if the closest VPN gateway fails for some reason, the client seamlessly, or at least with minimum traffic interruption, connects to the next nearest available VPN gateway. So is OGS (Optimal Gateway Selection) the only option we are looking at to do so, or are there any other better suggestions?
Thanks,
Josh