To view which DAPs are getting applied to your session, do a "debug dap trace 255". You will see a line "selected daps" in the output. Make sure you are not hitting any other DAP policy that is allowing access to the user.
Hi Saroj,
Can you provide the output of packet tracer again? I want to make sure that this traffic is hitting VPN:
Also enable conditional crypto debugs on the box and paste the outputs that you are getting.
Lab1(conf)#no logging console
lab1(conf)log...
I see a mismatch in phase 1 proposals:
Nov 19 20:10:43 [IKEv1 DEBUG]IP = 63.124.2.202, All SA proposals found unacceptable
Can you check if the proposals on both sides match?
Hi Ramesh,
Try using DAP to restrict access to users belonging to a specific AD group:
https://supportforums.cisco.com/document/7691/asa-8x-dynamic-access-policies-dap-deployment-guide
Use the AAA attribute "LDAP .member of" to allow access to users...