To view which DAPs are being applied to your session,
run "debug dap trace 255". You will see a line with the selected DAPs in the output. Make sure you are not hitting any other DAP policy that is allowing access to the user.
Hi Saroj,
Can you provide the output of packet tracer again? I want to make sure that this traffic is hitting VPN:
Also enable conditional crypto debugs on the box and paste the outputs that you are getting.
Lab1(conf)#no logging console
lab1(conf)log...
I see a mismatch in phase 1 proposals:
Nov 19 20:10:43 [IKEv1 DEBUG]IP = 63.124.2.202, All SA proposals found unacceptable
Can you check if the proposals on both sides match?
Hi Ramesh,
Try using DAP to restrict access to users belonging to a specific AD group:
https://supportforums.cisco.com/document/7691/asa-8x-dynamic-access-policies-dap-deployment-guide
Use the AAA attribute "LDAP .member of" to allow access to users...