AnyConnect DAP issue

Richard Tapp
Level 1

We have an issue where DAP is not working correctly.

 

We have 2 pairs of firewalls: an older 5525 pair running 9.8(4)32 and a newer 2120 pair running 9.14(2)14.

One of the profiles is on both firewalls. DAP is set to look for the cisco.tunnelgroup and ldap.memberof on both pairs.

If I remove my AD name from the LDAP group, my login stops working on the older pair (what we want to happen). But on the newer pair I can still access it. The ACL is still being applied, but anyone with a valid AD account could log into it, and we want to lock it down as it is for 3rd party support only.

DAPs on both pairs are configured in a similar way, priorities are the same and the default one is set up the same.
