05-16-2016 01:00 PM
I'm not finding a good answer to my question...
I'm curious about DAP policies. I have several connection profiles/group policies. I'd like to configure DAP policies that apply only to certain group policies, and not every group policy - for example, internal users would have different DAP policy than external.
I'm not having good luck finding an answer to whether or not that's possible and if so, how to make it happen.
Mind you, I'm not well versed on ASDM.
05-17-2016 01:14 PM
Yes, that is possible. You can match on lots and lots of different parameters.
05-19-2016 07:48 AM
Well here's what I have and what I want to do:
Internal and external users, internal obviously in AD, external are not. We authenticate using radius (RSA). All VPNs terminate on the same ASA pair.
In AnyConnect I have several connection profiles matched with group policies. What I'd like to do is leverage DAP to say "if you're an internal user, you connect using connection profile/GP A or B, if you're an external user, C or D. If you connect to either A or B your PC must belong in the AD domain, otherwise drop. If you connect to C or D, doesn't matter, those are for external users."
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: