02-16-2009 09:06 AM - edited 03-11-2019 07:51 AM
Hello,
I've configured, in my ASA 5550, cut through proxy with IAS/AD for internal users browsing the Internet and the feature works well.
As soon as I deployed the remote access VPN config which's working with DAP, the cut though proxy stopped working.
Users got error message (error:Dynamic access policy not continue.
How can I disable http request handling by DAP, I want to use DAP and cut though proxy separately.
Thanks for your hints
02-16-2009 01:46 PM
This is Odd, DAP asks you to choose the application that it will be used for, in your case IPSEC, did you choose this application?
02-17-2009 06:32 AM
Hi,
For now I removed all policies and I just have the default Access policy and there's no application for it.
Thank you.
02-17-2009 06:36 AM
So is it working now or not?
02-17-2009 07:38 AM
you have to configure the default action to continue to make it work.
when you configure the default action to terminate the error message is displayed.
Do you have a link or a document that explain how to configure DAP without interfering with cut through proxy ?
Thank you.
02-17-2009 07:42 AM
Yes, and DAP has a default action enabled by default which action is to continue, I don't think there are docs explaining how to integrate both but again using the application type you can restrict it to
cut-through or IPSEC.
https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml
02-17-2009 09:13 AM
Thank you...I'll remake my test based on your suggestions.
Best regards
02-17-2009 10:29 AM
Hello,
I want to use DAP with a ipsec VPN client and whenever I create a dynamic policy in CSM, I receive a message asking to activate CSD.
How can I use DAP without CSD ?
Thanks
02-17-2009 10:32 AM
I have not done it via CSM before, are you on the right section?
02-17-2009 11:48 AM
Yes, CSM 3.2.1 allow you to configure DAP but not the 3.2 version.
How to configure the application in ASDM ? I didn't see a field for the application.
02-17-2009 11:51 AM
ASDM 6.0 should have it under SVC Anyconnect section for remote access, but worry not that does not mean it applies anything to the SVC or anyconnect just seems they find no better place to put it, there is another section which I don't have on top of my head right now.
02-17-2009 12:10 PM
OK, I'll test it and let you know.
thank you very much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide