
ASA AnyConnect and DAP

l.buschi
Level 2

Hello, I deployed remote access with ASA AnyConnect and DAP.

DAP works perfectly from my client to my inside network, but I also need one internal server (antivirus) to reach my remote computer.

Even with a proper policy from inside to the remote client, communication from the server to the remote client fails.

Any idea?

Many thanks

Johnny

1 Reply

Sheraz.Salim
VIP Alumni

Does your internal server (antivirus) also reside on the same interface as the inside network?

If the antivirus server resides on a different interface, you need to create another static NAT rule to allow your remote-user AnyConnect pool to reach the antivirus server's interface (optionally, if required, also add a route on your firewall if the server is behind another L3 device).

Also make sure the antivirus IP address is added to the standard access-list under the group-policy. As an example:

Create the access list that defines the network behind the ASA.

    ciscoasa(config)# access-list Split_Tunnel_List remark The corporate network behind the ASA.
    ciscoasa(config)# access-list Split_Tunnel_List standard permit host 10.0.1.10

Enter Group Policy configuration mode for the policy that you wish to modify.

    ciscoasa(config)# group-policy hillvalleyvpn attributes 
    ciscoasa(config-group-policy)#

Specify the split tunnel policy. In this case the policy is tunnelspecified.

    ciscoasa(config-group-policy)# split-tunnel-policy tunnelspecified

Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.

    ciscoasa(config-group-policy)# split-tunnel-network-list value Split_Tunnel_List

Please do not forget to rate.
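
An added example, not part of the reply above and not Cisco code: a Python check that a server address is covered by a permit entry of the split-tunnel list bound to a group-policy, run against a constructed config excerpt. The function names and the 10.0.2.0/24 entry are assumptions, and deny entries are not modelled.

```python
import ipaddress
import re

# Constructed excerpt modelled on the commands in the reply; 10.0.2.0/24 is an assumption.
SAMPLE_CONFIG = """\
access-list Split_Tunnel_List remark The corporate network behind the ASA.
access-list Split_Tunnel_List standard permit host 10.0.1.10
access-list Split_Tunnel_List standard permit 10.0.2.0 255.255.255.0
group-policy hillvalleyvpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
"""

PERMIT = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(.+)$")


def permitted_networks(config):
    """Return {acl_name: [ip_network, ...]} for standard permit entries."""
    acls = {}
    for line in config.splitlines():
        m = PERMIT.match(line.strip())
        if not m:
            continue  # remarks, deny entries and other commands are skipped
        name, parts = m.group(1), m.group(2).split()
        if parts[0] in ("any", "any4"):
            net = ipaddress.ip_network("0.0.0.0/0")
        elif parts[0] == "host":
            net = ipaddress.ip_network(parts[1] + "/32")
        else:  # "address netmask" form
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        acls.setdefault(name, []).append(net)
    return acls


def split_tunnel_acl(config, group_policy):
    """ACL name set by split-tunnel-network-list under the group-policy, or None."""
    in_policy = False
    for line in config.splitlines():
        if line.startswith("group-policy "):
            in_policy = line.split()[1:3] == [group_policy, "attributes"]
        elif in_policy and line.strip().startswith("split-tunnel-network-list value "):
            return line.split()[-1]
        elif in_policy and not line.startswith(" "):
            in_policy = False  # left the group-policy block
    return None


def is_tunneled(config, group_policy, server_ip):
    """True if server_ip falls inside a permit entry of the policy's split-tunnel list."""
    acl = split_tunnel_acl(config, group_policy)
    addr = ipaddress.ip_address(server_ip)
    return any(addr in net for net in permitted_networks(config).get(acl, []))
```

A `False` result for the antivirus server's address means the client has no tunnel route to it, so return traffic from the remote computer would not go back through the VPN.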