
DAP limitations

bachleit6
Level 1

Are there any limitations regarding Dynamic Access Policies (DAP), i.e. CPU, Memory, walk through times?

Use Case:

ASA5520, 3000 IPSEC Users, LDAP Connection to AD

There are 200 Groups in the AD that will be referenced in the DAP.

So there are 200 DAP Entries, all with "Continue" at the end of the DAP.

A user can be a member of many AD groups.

Every DAP entry has its own ACL of about 5 ACEs.

Thanks.


Peter Davis
Cisco Employee

There is no configuration limit for the number of DAP records on the ASA. There are limits on the number of values/instances each attribute can have. Currently a maximum of 999 values/instances can be processed per attribute in each DAP. With that said, each instance will utilize memory and CPU for processing. If you have excessive numbers you will want to keep an eye on memory utilization since you may want to adjust your plans for device capacity appropriately.
