03-26-2010 12:25 PM - edited 02-21-2020 04:34 PM
I'm trying to figure out how to migrate from IPSec to AnyConnect. I have successfully configured AnyConnect to work, although not the way I'd like. With IPSec I'd have 1 profile for all of our staff and separate individual profiles for vendors that needed certain access to servers or other networks. Since we started looking at AnyConnect we enabled LDAP on the ASA. My question is: how can I assign a single user an ACL which only allows them access to one server or device? I created a DAP but I only see where I can add AD groups, not individual users.
04-02-2010 05:24 AM
Thanks for the info, but that didn't seem to work either. I can't get the username to associate with the DAP. It just goes straight to the default DAP. Do I need to do any attribute mapping or anything else in AD? Also, I only have the 2 licenses for the SSL VPN client. We're waiting on the license order to go through. Would that have anything to do with it?
04-02-2010 05:35 AM
No, the license has nothing to do with the issue. The license will allow you only 2 concurrent SSL connections at the moment.
Looks like you are matching on LDAP.username on the DAP policy. Please match on "Cisco" username, instead of "LDAP" username on the DAP policy.
04-02-2010 05:52 AM
Awesome... got it working now. Thanks guy!
08-31-2021 12:33 AM - edited 08-31-2021 12:34 AM
Does anyone have experience with DAP using Cisco ISE as RADIUS? I need to exempt some users from Always-On VPN.