About ahmad82pkn

ahmad82pkn · 11-11-2024

New to Anyconnect DAP.Got some existing setup with dozen of Tunnel groups and dozen of DAP policy configured.Scratching my head , how DAP policies are mapped to tunnel groups?How does tunnel group know, which policy to call for applying policies?Is t...

ahmad82pkn · 10-28-2024

Hi, I am unable to understand Point 3. Seems like its missing some clarity. Can someone expand on step 3 please?Does NAD send Radius Challenge to Endpoint and then NAD forward it to PSN through RADIUS protocol? Is that what point 3 trying to say ? or...

ahmad82pkn · 10-24-2024

Hi All,We do static endpoint assignment to Identity groups in ISE. But even if endpoint is active the assignment changes to a different identity group after few hours or days.Any idea how to troubleshoot such situation to narrow down the issue?

ahmad82pkn · 10-06-2024

Hi All,Pretty new to DAP in Anyconnect.2 Basic questions.1- I inherited few firewalls. Which has DAP policy name in running config. But reading documentation. It seems DAP.XML should be in flash: . What is the difference between DAP Profile in Runn...

ahmad82pkn · 08-03-2024

Hi Team.I have a host on LAN that is trying to build IPSEC VPN with remote site.I am using Dynamic PAT for all traffic.I believe it should work.But interestingly, I see all traffic getting NAT but not UDP 500.Any idea why? Ideally i want UDP 500 and ...

ahmad82pkn · 11-11-2024

I think. I found the answer. Dap xml seems to have matching tunnels group

ahmad82pkn · 11-01-2024

Thank you for your detailed response. Will be helpful in tshoot as well.

ahmad82pkn · 10-25-2024

We have ISE 3.1 . Do you know if 3.1 also impacted? Whats best way to check each version for same bug?

ahmad82pkn · 10-25-2024

No. Using script to manually add macs in identity group.But next day . They are in different group. How can i find reason of this change.Any logs that provide source that triggered change to move to other group?

ahmad82pkn · 08-22-2024

Issue is resolved after enabling NAT-T on SRXUpdating local identity and remote identity local identity Egress public IP of FTDremote identity public IP of remote peerAlso SRX Egress interface had IKE system service enabled on untrust zone. But then ...

Member Since	‎01-14-2009 05:52 AM
Date Last Visited	‎12-22-2024 11:09 PM
Posts	479
Total Helpful Votes Received	31

User Statistics

User Activity

How DAP are mapped to Tunnel-Group

ISE Communication Model question

Static Identity Group Assignment changing in ISE

DAP in running configuration

FTD NAT Issue on UDP port 500

Re: How DAP are mapped to Tunnel-Group

Re: ISE Communication Model question

Re: Static Identity Group Assignment changing in ISE

Re: Static Identity Group Assignment changing in ISE

Re: FTD NAT Issue on UDP port 500