03-05-2009 02:26 PM - edited 02-21-2020 03:20 AM
Is there a way to define a smart tunnel list to a specific dynamic access policy.
I need to tunnel different applications depending upon the group users are assigned to within AD. Since the DAP seems to use the DftGrpPolicy, I do not want to define the smart tunnel list on that policy since it would hand it out to all users, but I have been unable to find where this can be added.
03-11-2009 02:54 PM
Dynamic access policies (DAP), a new feature introduced in software release v8.0 code of the Adaptive Security Appliance (ASA), enable you to configure authorization that addresses the dynamics of VPN environments. You create a dynamic access policy by setting a collection of access control attributes that you associate with a specific user tunnel or session. These attributes address issues of multiple group membership and endpoint security.
http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml#t3
05-14-2009 07:38 AM
Have you figured this out. I am tring to do the same thing.
05-14-2009 08:24 AM
Sorry to say, but no, I finally set it up to start all the STs on the default policy, not the best solution, but at least it works.
08-05-2011 09:07 AM
Hi,
I'm also trying to do the same thing on the latest ASA 8.4 without success.
Anyone knows if Cisco is planning to add that feature later on?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide