Dynamic Access Policy (DAP) Network ACL on Cisco ASA issue

junajunction
Level 1

Hi,

We have a requirement to configure Cisco AnyConnect clients with DAP. The users should be fully tunneled and have internet access through the company network. Also, the users should only have access to limited resources inside the company network.

 

I tried to achieve this with the DAP ACL by tunneling all traffic through the VPN connection.

 

Users-->AnyConnect Client-->Remote VPN-->Split Tunnel All-->DAP (Match user)-->DAP Network ACL-->Allow specific resources internal for users -->Deny all other internal resources for users-->Allow internet traffic (ip any any)

 

I found a Cisco document saying DAP ACL will not support permit and deny on the same policy. Hence the client is always getting denied to all internal traffic once the deny statements are inserted.

 

Any suggestions or workarounds are welcome.

 

Thank you,

Arjun
