cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

773
Views
0
Helpful
1
Replies
junajunction
Beginner

Dynamic Access Policy (DAP) Network ACL on Cisco ASA issue

Hi,

We have a requirement to configure Cisco Anyconnect clients with DAP. The users should be fully tunneled and have internet access through the company network also the users should only have access to limited resources inside the company network.

 

I tried to achieve this with the DAP ACL by tunneling all traffic through the vpn connection.

 

Users-->AnyConnect Client-->Remote VPN-->Split Tunnel All-->DAP (Match user)-->DAP Network ACL-->Allow specific resources internal for users -->Deny all other internal resources for users-->Allow internet traffic (ip any any)

 

I found Cisco document saying DAP ACL will not support permit and deny on the same policy. Hence the client is always getting denied to all internal traffic once the deny statements are inserted.

 

Any suggestions or work arounds are a welcome.

 

Thank you,

Arjun

1 REPLY 1
Rob Ingram
VIP Mentor