Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1436
Views
0
Helpful
5
Replies

Anyconnect DAP policy endpoint attribute does not have windows 10 options.

anil.kumark
Level 1
Level 1

‎12-19-2018 02:53 AM

While creating DAP policy for Anyconnect endpoint attribute for operating system we have option for window XP/8/vista/7 but no option to select windows 10.

 

And when we dont have the policy specific to window 10 it should ideally get dropped by default policy however in my case its being allowed.

 

Labels:
0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎12-19-2018 04:43 AM

See this bug. CSCur90915

Its says fixed in ASDM 7.4(1). To see how its matched, check debug dap
trace 127
0 Helpful

anil.kumark
Level 1
Level 1
In response to Mohammed al Baqari

‎12-21-2018 02:25 AM

Thanks Mohammed. will check on the ASDM version and get back to you.

Also I hope running debug related to DAP should not cause performance issues?

Thanks
Anil
0 Helpful

anil.kumark
Level 1
Level 1
In response to Mohammed al Baqari

‎01-31-2019 07:54 PM

Thanks for the input. I do have the debug dap trace 255 output now.  I can see the platform= win & platform version = 10.0.17134 and its for window 10.

Which statement should I check for the exact DAP policy match? Sorry due to privacy issues can't post the entire DAP debug logs here.

 

Any help appreciated.

 

Anil

 

0 Helpful

anil.kumark
Level 1
Level 1
In response to anil.kumark

‎01-31-2019 08:59 PM

Below is the sample debug output, initially it detected win platform and version as 10, later it shows window 8

endpoint.anyconnect.platform="win";
endpoint.anyconnect.platformversion="10.***";
DAP_TRACE[128]: dap_add_to_lua_tree:aaa["cisco"]["tunnelgroup"]="XXXX"
DAP_TRACE: aaa["cisco"]["tunnelgroup"] = "XXXX"
DAP_TRACE[128]: dap_add_to_lua_tree:endpoint["application"]["clienttype"]="AnyConnect"
DAP_TRACE: endpoint["application"]["clienttype"] = "AnyConnect"
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.os.version="Windows 8"
DAP_TRACE: endpoint.os.version = "Windows 8"
DAP_TRACE[128]: dap_install_endpoint_data_to_lua:endpoint.policy.location="Default"
DAP_TRACE: endpoint.policy.location = "Default"

does it matching the default policy at the end?

later I also see these messages for window 10,

DAP_TRACE: Username: XXXX, Selected DAPs: ,XXXX
DAP_TRACE: dap_process_selected_daps: selected 1 records
DAP_TRACE: Username: XXXX, dap_aggregate_attr: rec_count = 1
DAP_TRACE[128]: DAP ACL Aggregate: Classifying apras-acl: priority=121, sense=0(White), Denies=0, Permits=9050
DAP_TRACE: Username: XXXX, DAP_close: XXXX
DAP_TRACE: DAP_open: XXXX
0 Helpful

anil.kumark
Level 1
Level 1
In response to anil.kumark

‎01-31-2019 10:24 PM

Further testing confirms that window 10 systems are matched against window 8 version and selected the DAP XXXX which has selection configured for window XP,7,8,Vista and MACOS only.
Also its weird to see in selected DAP section (Selected DAPs: ,XXXX) there is a blank space/gap at first and then it shows XXXX.
We have not got a chance to upgrade the ASDM and test. We need to find the reason behind this in order to proceed further.
0 Helpful
Customers Also Viewed These Support Documents