Showing results for 
Search instead for 
Did you mean: 

AnyConnect - Dynamic Access Policies not working


I am configuring AnyConnect and having trouble with DAP. Somehow the DAP is not matching. Even the simplest one of Operating System = Windows 7 did not work. The DAP testing tool too is not working as expected. It keeps on appending previous test parameters. Is there any simple way to check the DAP policy matches? I had seen "debug dap trace" but with few thousands of users I am not sure how the troubleshooting will work. I am new to ASA/AnyConnect. We are migrating from Juniper Secure Access to Cisco AnyConnect. I already have Cisco TAC open but engg too could not provide me convincing answers. After lof of trial errors, we saw one of them working. Before configuring production setup, I want to make sure I understand, configure and test all AnyConnect components.

2 Replies 2

Karsten Iwen
VIP Mentor VIP Mentor
VIP Mentor

One of the most common problems with DAP is that it's license-dependent. If you wan't to test on the OS of non-mobile-devices, you need the Advanced-Endpoint-assessment-license. For that to use you need AnyConnect Premium. Do you have that license installed?

Sent from Cisco Technical Support iPad App

Yes I do have Premium license. I can see Advance Host scan software selectable under Host Scan. This was also reviewed by TAC.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers